News

NCR temporally blocks Mint, QuickBooks from its banking platform

Thursday 7 November 2019 10:32 CET | News

NCR temporarily blocked Mint and QuickBooks Online, two third-party financial data aggregators, from accessing Digital Insight, an online banking platform used by hundreds of financial institutions.

That temporary ban came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to survey and drain consumer accounts.

At the end of October 2019, NCR’s platform Digital Insight had several dozen customer accounts hacked and, according to security researcher Brian Krebs, the attackers appeared to automate the unauthorised logins, which took place over a week in several distinct 12-hour periods in which a new account was accessed every five to ten minutes.

In many cases the aggregator service did not pass through prompts sent by the credit union’s site for multi-factor authentication, meaning the attackers could access customer accounts with nothing more than a username and password.

NCR notified Digital Insight customers ‘that the aggregation capabilities of certain third-party product were being temporarily suspended’. However, as Brian Krebs puts it: in the absence of additional security measures put in place by the aggregators, do the digital banking platform providers like NCR have an obligation to help block or mitigate these large-scale credential exploitation attacks? KrebsOnSecurity would argue they do.
More: Link


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: KrebsOnSecurity, online security, fraud prevention, ATO, banking, NCR, US, Mint, QuickBooks, financial data
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: United States
This article is part of category

Securing Transactions