The security breach that led to a Gulf-based bank getting ensnared in a multi-million-dollar ATM heist may have happened at a company based in Pune, people familiar with the matter said. Access to the National Bank of Ras Al Khaimah PSC (RAKBANK) could have happened through Pune-based ElectraCard Services, which provides credit card payments processing services for the UAE-based bank.
US federal prosecutors said in a complaint last week that RAKBANK and Bank of Muscat Oman were hacked by a global cyber-crime ring that first breached the computers at an outsourced Indian credit card processor in December and then the computers of a similar American processor to gain access to critical data that made the crime possible. The cyber thieves are believed to have stolen $45 million (Rs 247 crore).
RAKBANK did not reply to an email seeking comment. ElectraCard and its public relations agency did not respond to calls and messages seeking comment.
ElectraCard, which is part of the Opus Software Group, is partially-owned by the world's number two payment network MasterCard. It provides payment processing for prepaid cards, the type of product that the hackers targeted according to US prosecutors.
RAKBANK had rolled out Infosys Finacle core-banking software around the same time the reported security breach took place. The Bangalore-based company clarified that Finacle does not "have any credit card processing solutions or products."
The heist, which was predicated on the breach of an Indian outsourcing company, comes at a time when the sector is facing immense scrutiny about its cyber-security.
India has threatened to stall a Free Trade Agreement with Europe, unless given a Data Secure Status, which would help the country attract more work from that continent. The European Union has been unwilling to give India the status given the lack of enforcement, accountability and penalty guidelines in the country's existing Information Technology rules.