Hackers strike again in attack on eateries

January 25, 2010
joongang.co.kr

Hackers cracked into the credit card processing networks of several popular restaurant chains in Korea from December through early this year, obtaining personal information from customers to make fake cards and ring up millions of won in purchases.

Authorities said the resulting monetary damage could exceed similar high-profile hacking incidents over the past two years, though they did not provide data on the chains involved or the estimated number of consumers affected.

The cyber crime unit of the national policy agency and local financial authorities said yesterday that the hackers manufactured fake credit cards based on the stolen information, charging roughly 190 million won
($165,794) in purchases abroad.

A Financial Supervisory Service official said the hacker made a total of 460 transactions with the fake credit cards.

Authorities alerted the credit card providers about the latest development, and the firms are now contacting affected customers and reissuing cards with new numbers.

It's the latest incident in a string of hacking attacks on local credit card payment networks over the past two years, deepening concern among consumers and companies alike.

Similar hacking attacks on several local retail chains - whose names were not revealed - in April 2008 forced some 20,000 Koreans to get new credit cards.

Hackers used the information gleaned in the attacks to produce fake cards, making 310 purchases worth 166 million won.

In August through September of last year, hackers obtained the credit card information of about 2,360 people who swept their cards in local restaurants and bar chains. In these cases, the hackers made purchases worth 78 million won using fake cards.

Industry officials said that the smaller chain businesses are particularly susceptible to these types of attacks, as they don't have as advanced security systems in place as their larger peers.

"The [credit card payment] processing networks of large business chains like big discount stores are relatively well protected in this regard,"
said one official at the Credit Finance Association of Korea. "But small and midsized chains are far more vulnerable in terms of securities measures."

In the face of intensifying hacking threats, the Financial Supervisory Service, the Credit Finance Association and credit card companies last month formed a joint task force team to come up with possible solutions to prevent such attacks.