South African bank has to replace 12 million debit and credit cards after employees steal the 36-digit encryption host master key that can open any bank account
This is one exercise that will prove costly for Postbank, the African Bank. But it will have to replace the debit and credit cards of all its customers to save itself from further loss. And the figure is 15 million payment cards- the cost $58 million. Postbank is the banking division of the South African government-operated Post Office. It has branches even in the remotest villages of South Africa.
It so happens that some Postbank employees schemed and stole the master key is a 36-digit code (encryption key) that allows its holder to decrypt the bank’s operations and even access and modify banking systems. It is also used to generate keys for customer cards. The rogue employees managed to print the 36-digit encryption code called HMK or Host Master Key in plaintext on a piece of paper in 2018 and are using it since then to scam the bank of small amounts.
However, the total amount they have defrauded now works out to $3.2 million. Now Postbank has no other option other than to replace the credit cards and debit cards issued to all its customers and come up with a new encryption key. This master fraud scheme came to light when the Sunday Times of South Africa broke the story. The website says that the rogue employees used the host master key between March and December 2019 to access accounts and make more than 25,000 fraudulent transactions, stealing more than $3.2 million (56 million rands) from customer balances.
After the discovery of the fraudulent transactions, Postbank has decided to replace all customer payment cards that have been generated using the stolen master key. And the bill for this replacement scheme is more than $58 million.