Central Coast Council in NSW appears to have been caught up in a carding attack, with cybercriminals using council’s payment system to validate card numbers.
The attack “may have impacted any card holders across Australia, not just those who transact with council,” the council said in a statement on Thursday.
Council said it had taken its online payment channel offline while the incident is being investigated by it and the payments gateway provider, who is not named.
In a statement, the council said that “suspicious activity” was detected late Wednesday, with a series of “random card numbers … tested for authenticity by making small payments to council”.
“Hundreds of these payment attempts were rejected, but we are aware that fewer than 20 were successful,” the council said.
Central Coast Council said it is not the only organisation using the payments service that was impacted.
“It is understood a number of other organisations have been similarly impacted,” the council said.
The attack appears to bear characteristics of carding or credit card stuffing attack.
According to one definition, “Carding is an automated form of payment fraud in which fraudsters test a bulk list of credit or debit card data against a merchant’s payment processing system to verify breached or stolen card details”.
Credential stuffing attacks have been in the public spotlight in Australia this year, after a separate set of attacks impacted “thousands” of online shoppers.
About Author
