The theft or loss of sensitive information, as well as the discovery of financial fraud, often prompts organizations to focus on improving their information security postures and approaches. An analysis of the technical and organizational factors that allowed an incident to take place forms the basis of a remediation plan to prevent similar types of incidents from happening in the future.
A bank in Indonesia suffered a multimillion dollar loss due to fraudulent payment card transactions. Our initial task was to determine what technological resources and knowledge was necessary to perpetrate the fraud. This information was used to focus police and bank investigations onto relevant suspects. We further conducted detailed examination of the bank’s merchant acquiring business procedures, security features and vulnerabilities in payment card transaction protocols and products, as well as the bank’s internal fraud-prevention activities. Our analysis enabled the bank to develop a profile of the criminals and know what technological and procedural security changes they would need to make to protect their payment card business going forward.