NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm — Krebs on Security
Banking industry giant NCR Corp. [NYSE: NCR] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuickBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions. That ban, which came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to surveil and drain consumer accounts, has since been rescinded. But the incident raises fresh questions about the proper role of digital banking platforms in fighting password abuse.
Tim Erlin, VP, product management and strategy at Tripwire, provided the following comments:
“The complexity of the interconnected financial services industry is difficult for the average consumer to comprehend. This complexity provides avenues for attackers to exploit. A variety of services have grown organically from the more traditional banking system, and while security is often a top concern for each institution, the gaps between them can leave room for risk. When you have an incident to deal with, you can only take action on the systems where you have control. It will be telling to see if this type of incident-driven access control is a recurring theme for the industry.”