It makes me peeved when these reports omit the names of the parties that were compromised in the intent of "protecting" their name. If I was a customer of one of the banks that got broken into, I think it would be my right to know that they're insecure so that I could put my money elsewhere.
It's even more infuriating when your bank tells you a vendor you did business with was compromised and they refuse to tell you who. And it gets worse when they issue you a brand new credit card with a new number because of the un-named compromised vendor. But rest assured dear customer, your old number will still function...
I've done a bit of digging and if you look at the RAKBANK prepaid portal [0] you can see the service is powered by ECS which is based in India [1], with offices in the US, UAE and Singapore.
Not sure about the other one, the bank of Muscat site is a bit crap, didn't find mention of the processor in the T&Cs or description of the cards [2].
More importantly electraCard is certified PCI compliant by Control Case [0]. I think, this is the primary reason electraCard's name is not on the news; it has been certified secure by the payment industry standard [1]. Either Control Case failed to perform audit properly or the hackers had some serious skills.
The point is that it isn't suppose to be the news to report it. Your bank should let you know, and let you know what they are doing it to prevent it in the future, etc. Otherwise everyone would be up in arms over something that may have been out of their banks control.
I am at a loss as to why the news supposed to report it? That is part an parcel of investigative journalism.
It maybe because the vulnerabilities still exist and they don't want the general public to know about it. Yet this rings hollow as the bad guys still know about it.
Looks like it was "debit accounts issued by the National Bank of Ras Al-Khaimah" and "cards issued by the Bank of Muscat in Oman" - not the ATM owners.
