NCR temporarily blocked Mint and QuickBooks Online, two third-party financial data aggregators, from accessing Digital Insight, an online banking platform used by hundreds of financial institutions.
That temporary ban came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to survey and drain consumer accounts.
At the end of October 2019, NCR’s platform Digital Insight had several dozen customer accounts hacked and, according to security researcher Brian Krebs, the attackers appeared to automate the unauthorised logins, which took place over a week in several distinct 12-hour periods in which a new account was accessed every five to ten minutes.
In many cases the aggregator service did not pass through prompts sent by the credit union’s site for multi-factor authentication, meaning the attackers could access customer accounts with nothing more than a username and password.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now