Credit card processors and other 3rd-party IT service contracts in the financial industry
Is this related to the recent Capital One issues?
This is the sort of error that goes unfixed for as long as there is any shred of “plausible deniability.” There’s a ~2%± rate of credit card fraud that “absolutely must” be maintained in order for certain other professional “anti-fraud” services in the industry to be justified, and in turn maintain their profitability.
Skip to content
The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals. ... Philippe Caturegli, founder of the security consultancy Seralys ... said he guessed that nobody had yet registered the domain akam.ne, which is under the purview of the top-level domain authority for the West Africa nation of Niger. ¶Caturegli said it took $300 and nearly three months of waiting to secure the domain with the registry in Niger.
Wait a second! This fellow had legal papers served in a foreign country on his own authority to obtain control of a banking domain. We’ve heard about Russian thieves in law who abuse legal process for organized theft, but this is an Italian family name and a company that offers “manual penetration testing and cybersecurity consulting.”
The company’s language of fisting and finger-prodding is a little bit too obscene in the business of men who offer services to bank tellers.