PULSE has reportedly received credible intelligence that a fraudulent ATM cash-out event may be attempted in the next few days. The potential attack may target prepaid accounts. Financial institutions that use hosted service providers to support their prepaid and/or debit card operations are thought to be particularly vulnerable to this threat.
A cash-out event occurs when hackers gain access to an issuer or issuer processor's authorization systems and card parameter information. Once inside, they can manipulate daily withdrawal amount limits, card balances and other card parameters in order to withdraw large sums of cash from ATMs.
PULSE recommends that all financial institutions and issuer processors take steps to monitor for and mitigate the impact of high-velocity ATM withdrawals targeted to specific accounts. For participants in Pulse’s DebitProtect service, the company says they are designing and implementing fraud rules to help mitigate the impact of this potential attack.
In other related news, Target confirmed yesterday that as many as 40 million credit and debit card accounts may have been impacted by a data breach. In a letter to customers, Target warned that customer name, credit or debit card number, the card’s expiration date, and the CVV (the three-digit security code) were stolen. Target has confirmed that the credit and debit card data was stolen from customers who made purchases between Nov. 27 and Dec. 15, 2013. Target reportedly alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is reportedly putting all appropriate resources behind these efforts.
Consumers are advised to monitor their accounts closely.