Illegal Cash Withdrawal
Citigroup’s credit and debit cards, which suffered from illegal cash withdrawal incidents in Thailand last month, were also involved in hundreds of card frauds overseas in 2016.
According to Citibank on May 15, affiliated stores at Paypal in the U.S. were targeted with a BIN attack in June 2016 and 1,000 cases of information of Citibank Korea’s A+ Check Card, which made transactions with the relevant stores were illegally leaked, causing damages worth 30 million to 40 million won (US$26,502 to 35,336).
A bank identification number (BIN) is the first six out of 16 numbers that appear on a debit and credit card. The BIN uniquely identifies the institution issuing the card. The BIN attack is a method in which valid card numbers are randomly generated by changing the last ten numbers.
For the BIN attack in the U.S. last year, fraud caused a small amount of damage as hackers were unable to check the balance of victims’ accounts and they made micro-payments of US$10 to 20 (11,320 won to 22,640 won) at a time, according to Citibank.
In addition, Citibank suspended transaction of cards that involved in fraud and is repaying the money to card owners.
Meanwhile, the labor union at Citibank Korea said that the bank hasn’t come up with fundamental countermeasures, though hackers overseas keep illegally using Citibank’s A+ Check Cards, asking the Financial Supervisory Service to open an investigation.