* Posts by Payment Monkey

3 posts • joined 12 Aug 2010

Zeus botnet raid on UK bank accounts under the spotlight

Payment Monkey

Ha Ha Ha Ha Ha Ha Ha Ha Ha!

"doing it right" and Santander in the same sentence ... Ha Ha Ha Ha Ha Ha Ha Ha Ha!

Best laugh in ages.

Never had a phishing email until I opened a Santander Debit card account. On the day it was approved - phishing deluge. I sent all the emails to the Santander security people - nothing, no response, nada! What is worse, in my view, is that I sent them internally, from my Santander email address ...

Payment Monkey

Twaddle ...

If I was going to take you seriously, I would expect some sort of explanation of your reasoning over and above the Daily Mail fodder that comes out of Cambridge University. If you know anything about card fraud, you'll know that they don't!

Alleged ring leader extradited in $9.4m RBS WorldPay heist

Payment Monkey

Detailed - why? It just needs to make logical sense.

No one is expecting a detailed description of the so-called hack and the fraud process. What one would expect, though, is for the sketchy details to make sense in the context of the banking operation. The problem is that they don't! The PIN question is an interesting on, even if you think it's unimportant because the details are hazy. Banks don't store PINs, they store PIN Offsets, so even if the crims got hold of the "PIN database" as you guys like to call it, and were able to decrypt it and extract the numbers, they wouldn't have the PINs.

The question is a sensible one. It's standard banking policy to store PIN offsets, not PINs. So, the question remains, where did the PINs come from?


Biting the hand that feeds IT © 1998–2021