Criminals have successfully drained the accounts of over 100 customers at the German financial institution Commerzbank. “In some individual cases at a service provider, unauthorized debits were made from customers’ accounts for technical reasons,” a spokesman for the nation’s second-largest private bank admitted, according to the ‘Finanz-Scene’ portal. This elaborate scam involves a blend of computer hacking and traditional fraud, resulting in substantial losses, potentially reaching tens or even hundreds of millions of Euros.
“We have or will inform affected customers,” assured the spokesperson, emphasizing that the bank would rectify the bookings and customers would not incur any harm. The illegal debits are indicative of vulnerabilities within the bank’s computer system, often escaping notice by customers.
According to insiders, the criminals siphoned off a significant sum, possibly in the tens of millions, from multiple accounts, with cumulative deposits reaching hundreds of millions. It appears they exploited withdrawal cards associated with the Maestro circuit.
Maestro is a feature provided by the US payment group Mastercard for foreign transactions. On the cards, the Maestro feature is denoted by two overlaid circles, one red and one blue. Maestro enables debit card payments at cashier desks in various European countries, essentially extending the capabilities of credit cards to debit transactions.
Even Visa, the rival of Mastercard, offers a similar feature for international payments known as V-Pay. The technical term encompassing Maestro and V-Pay is ‘Co-Badge.’ Commerzbank’s Co-Badge debit cards are managed by Bank-Verlag, identified as the weak link in this financial and IT scam. The division confirmed falling victim to a fraud case involving Maestro payments.
“The security gap was immediately closed within the internal control system following the discovery of the fraud case by the bank publisher,” explained the bank publisher.
Commerzbank caters to nearly eleven million customers in the private sector, with 2.9 million associated with the online branch Comdirect, 6.2 million being private customers of Commerzbank, in addition to 900,000 traders and 600,000 asset management customers.
This incident further compounds the challenges faced by German banks, as recent news revealed Deutsche Bank’s anticipated loss of USD 350 million due to a poor real estate investment, underscoring a challenging period for the country’s financial institutions.