Crime was carried out by a syndicate and involved breaking into the computer systems of global financial institutions
ElectraCard Services (ECS), the Pune-based payment card processing company, said the value of transactions that hit the firm in a fraud incident was less than $5 million (Rs 27 crore), as it sought to distance itself from the $45-million global cyber crime.
The company was involved only in a $5 million incident in December and not in the $40 million one which happened in February. Even in this $5 million, there were a number of entities involved, thus further lowering the amount involving the company, said Ramesh Mengawade, chief executive officer of ECS.
Earlier, the US Department of Justice (DoJ) had pegged the size of the fraudulent transactions at $45 million. The crime was carried out by a syndicate and involved breaking into the computer systems of global financial institutions, stealing card data and eliminating withdrawal limits.
“The stolen card data was then disseminated worldwide and used in making fraudulent ATM withdrawals on a massive scale across the globe,” said a document from the US DoJ.
Mengawade added the international syndicate had managed to break into four-five bank accounts through the ECS system, however, no money could have been withdrawn without the PIN and magnetic stripe data, which were obtained elsewhere.
Companies like ECS require compliance with the PCI-DSS standards of the PCI Security Standards Council (whose certifications are recognised by international payment associations such as Visa and MasterCard), said a release from the company. The company is looking to be re-certified and re-listed following the incidents. The process may take a couple of months.
Meanwhile, ECS is carrying out its own investigations and has appointed a forensic firm for the same, Mengawade added.