Cyber Incident Victim: OLB
Date:
Aug 2019
Location:
Germany
Summary
A German bank suffered a €1.5 million loss after criminals cloned EMV chip-and-PIN debit cards issued to approximately 2,000 customers. The Brazilian criminal gang utilized counterfeit cards and terminals to withdraw funds, exploiting stolen magnetic stripe data likely obtained through ATM or POS skimming devices. Despite EMV security protocols, cloned cards functioned without valid PINs in some cases. The bank reimbursed affected customers, blocked all compromised Mastercard debit cards, and initiated card replacements. OLB attributed the incident to organized cybercrime involving counterfeit payment instruments, denying any internal security breach. Fraud detection challenges were highlighted, with simultaneous transactions across distant geographic locations serving as potential indicators of such cloned card activity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In August 2019, criminals cloned Mastercard debit cards issued by German bank Oldenburgische Landesbank (OLB) and withdrew over €1.5 million from approximately 2,000 customer accounts. The fraudulent transactions occurred in Brazil, where an organized criminal gang used counterfeit cards and terminals to bypass EMV (chip-and-PIN) security protections. OLB confirmed the thefts on August 27, attributing the incident to "organized cybercrime involving counterfeit cards and terminals" while denying rumors of a direct security breach at the bank. The cloned cards likely originated from stolen magnetic stripe data, potentially obtained through card-skimming devices installed on ATMs or point-of-sale (POS) terminals. According to cybersecurity firm Kaspersky, Brazilian criminal networks had developed sophisticated EMV cloning capabilities since at least 2018, with some cloned cards functioning without requiring valid PINs during transactions. The simultaneous occurrence of legitimate transactions in Germany and fraudulent withdrawals in Brazil created detection challenges for the bank's fraud monitoring systems.
OLB responded by immediately blocking all affected Mastercard debit cards and initiating the process of issuing replacement cards to customers. The bank fully reimbursed all 2,000 impacted customers for their losses within days of detecting the fraud. Forensic analysis suggested the criminals exploited weaknesses in EMV implementation rather than breaching OLB's internal systems directly. Mastercard collaborated in the investigation but did not publicly disclose technical details about the compromise mechanism. The incident highlighted persistent vulnerabilities in chip-card technology when criminals obtain magnetic stripe data, particularly in regions like Brazil where specialized cloning tools were openly marketed among cybercriminal networks. Financial institutions globally continued facing difficulties distinguishing cloned card transactions from legitimate activity, with time-and-location discrepancies remaining primary fraud indicators.