That temporary ban came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to survey and drain consumer accounts.
At the end of October 2019, several dozen customer accounts on NCR’s Digital Insight platform were hacked. According to security researcher Brian Krebs, the attackers appeared to automate the unauthorised logins, which took place over a week in several distinct 12-hour periods, with a new account accessed every five to ten minutes.
In many cases the aggregator service did not pass through prompts sent by the credit union’s site for multi-factor authentication, meaning the attackers could access customer accounts with nothing more than a username and password.
NCR notified Digital Insight customers ‘that the aggregation capabilities of certain third-party product were being temporarily suspended’. However, as Brian Krebs puts it: in the absence of additional security measures put in place by the aggregators, do the digital banking platform providers like NCR have an obligation to help block or mitigate these large-scale credential exploitation attacks? KrebsOnSecurity would argue they do.
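The login cadence reported above (a new account every five to ten minutes, reached with a password only) is regular enough to detect. The following is an added example, not code from NCR, KrebsOnSecurity or this article: the event fields, source labels and the `MIN_RUN` threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MIN_GAP = timedelta(minutes=5)    # cadence reported in the article
MAX_GAP = timedelta(minutes=10)
MIN_RUN = 6                       # assumed alert threshold: distinct accounts in one run


def build_sample_events():
    """Constructed login events: (time, source, account, mfa_completed)."""
    t0 = datetime(2019, 10, 25, 1, 0)
    events = []
    # Paced run: one new account every 7 minutes via one aggregator source, no MFA.
    for i in range(8):
        events.append((t0 + timedelta(minutes=7 * i), "aggregator-a", f"acct{i:03d}", False))
    # Ordinary aggregator refreshes: few accounts, irregular timing, repeats.
    for minutes, acct in [(0, "acct900"), (1, "acct901"), (45, "acct900"), (190, "acct902")]:
        events.append((t0 + timedelta(minutes=minutes), "aggregator-b", acct, False))
    # Direct logins that completed the MFA prompt are not counted.
    for i in range(8):
        events.append((t0 + timedelta(minutes=6 * i), "direct", f"acct5{i:02d}", True))
    return events


def find_paced_runs(events, min_gap=MIN_GAP, max_gap=MAX_GAP, min_run=MIN_RUN):
    """Return (source, start, end, accounts) for each run of first-time,
    password-only logins spaced min_gap..max_gap apart from one source."""
    by_source = defaultdict(list)
    for when, source, account, mfa in sorted(events):
        if not mfa:
            by_source[source].append((when, account))
    alerts = []
    for source, logins in by_source.items():
        seen, run = set(), []
        for when, account in logins:
            if account in seen:
                continue          # only the first access to each account counts
            seen.add(account)
            if run and not (min_gap <= when - run[-1][0] <= max_gap):
                if len(run) >= min_run:
                    alerts.append((source, run[0][0], run[-1][0], [a for _, a in run]))
                run = []          # cadence broken: start a new run
            run.append((when, account))
        if len(run) >= min_run:
            alerts.append((source, run[0][0], run[-1][0], [a for _, a in run]))
    return alerts
```

Calling `find_paced_runs(build_sample_events())` flags only the constructed `aggregator-a` run; the irregular aggregator refreshes and the MFA-completed logins produce no alert.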