Citibank ATM's become the target of fraudulent withdrawals by at least two men this February. Allegedly, the entire incident was related to a computer security breach into Citibank's servers that process ATM transaction.
This is a first time that actual major financial fraud is related to a computer security incident. However, Citibank denied that any of their systems were compromised.
The Threat Level Blog of Wired magazine is following the story with a new development, in which new frauds are appearing and Citibank is replacing ATM cards to a number of their customers. In the letters sent to customers, Citibank is explaining the replacement with an "identified data compromise involving the credit and debit card payment system used by a third party ATM network"
Naturally, both Citibank and the authorities will not reveal details of the problem until it has been rectified, and even then certain elements may not be disclosed to the public. This series of events sheds a light on a different and largely omitted aspect of data security:
- Another organization's lapse in security can caused you a lot of grief and negative exposure
- Security breach of your information can easily be caused by a business partner whose security is not up to expectations
- The attackers will not always approach you, in order to steal from you
In today's networked business, there is no foolproof protection for your information. But in order to minimize the risk towards your business, exercise the following simple rules:
- Always agree on security levels for infrastructures and processes of your business partners.
- Make periodic audits that the agreed levels are respected and enforced
- Maintain vigilance on your information in the wild - the faster you identify that some information is in the wild, the less impact it will have on your business
Talkback and comments are most welcome