'Follow the Money': NSA Monitors Financial World

By Laura Poitras, and Holger Stark

Photo Gallery: NSA Spying on Credit Card and Bank Transactions Photos
AP

Part 2: Spying on Banks and Credit Card Firms

The revelations of spying on credit card transactions are also incendiary. Under the codename "Dishfire," the intelligence agency collects information on credit card transactions from some 70 banks worldwide, most of them in crisis-ridden countries, including banks in Italy, Spain and Greece. The Americans also take advantage of the fact that many banks use text messages to inform their customers of transactions. The Dishfire program has been running since spring 2009.

The documents also show that the intelligence agency targets large credit card companies, such as the US company Visa. At an internal conference in 2010, for instance, NSA analysts provided an extensive and detailed description of how they searched for possible points of access in the complex network that Visa uses to process its transactions -- and were allegedly successful in penetrating the company's network.

During the presentation, the analysts said that the target was the transactions of Visa customers in Europe, the Middle East and Africa, adding that the idea was to "collect, parse and ingest transactional data for priority credit card associations." One slide depicts in detail how the authorization process for each transaction works, starting with a credit card reader in a store, continuing via the bank and a data processor, and finally reaching the credit card company itself. A subsequent chart points to possible "collection access points."

When contacted by SPIEGEL, a spokeswoman for Visa responded, "Visa Inc. does not have a processing facility in the Middle East or the UK." In addition, she stated, "We are not aware of any unauthorized access into our network. Visa takes data security seriously and, in response to any attemption intrusion, we would pursue all available remedies to the fullest extent of the law. Further, it's Visa's policy to only provide transaction information in response to a subpoena or other valid legal process."

Nevertheless, Visa data from the Middle East apparently ends up in the NSA database. The XKeyscore spying program is used to skim regional data from the Visa network, according to a document.

A Wide Range of Credit Card Companies

The agency's snooping efforts now focus on more than one provider. According to another document, transaction data from a wide range of credit card companies flows into the NSA financial database Tracfin. This allegedly includes data from payment authorization processes by Visa and MasterCard. All in all, "credit card data" and related text messages made up 84 percent of the datasets within Tracfin in September 2011.

MasterCard did not comment by SPIEGEL's printing deadline.

In order to find their way through the jungle of information, Tracfin analysts even have their own manual for "credit card tap search tips." On top of that, the intelligence agents have their own electronic tool that allows them to independently and very rapidly verify the authenticity of credit cards.

By all appearances, the NSA collects everything that it can in the sensitive financial sector -- at least that's the message of a presentation from April. The agency sets out to access "bulk global financial data," which is then fed into the Tracfin database, the presenter noted. Furthermore, the author concluded, thanks to network analyses and the use of the XKeyscore spying program, NSA analysts had stumbled across the encrypted traffic of a large financial network operator in the Middle East.

According to the presentation, the NSA was previously only able to decrypt payment transactions by bank customers, but now they have access to the internal encrypted communication of the company's branch offices. This "provides a new stream of financial data and potentially encrypted internal communications" from the financial service provider, the analysts concluded with satisfaction. This bank data comes from countries that are of "high interest." It's interesting to note that the targeted company is also one of the many SWIFT service partners.

The documents reveal how short-lived intelligence agencies' access to the financial world can be, as well as the fact that encryption actually can present problems, at least temporary ones, for the spies. According to one document, the agency had access to data from Western Union, a company that manages money transfers in over 200 countries, for quite some time. But in 2008 Western Union began to protect its data with high-grade encryption. This made access virtually impossible, as NSA staff members complain in one paper.

Article...
  • For reasons of data protection and privacy, your IP address will only be stored if you are a registered user of Facebook and you are currently logged in to the service. For more detailed information, please click on the "i" symbol.
  • Post to other social networks

Comments
Discuss this issue with other readers!
11 total posts
Show all comments
    Page 1    
1. optional
peskyvera 09/16/2013
Well, when is Germany and the rest of the Western world going to stop crawling up the Yankee rectum??? And what do we do now?
2. I always use cash
fung.pee 09/16/2013
For over thirty years I have used cash for everything from buying groceries to buying vehicles and even building my hotels for my wife. I do not obey US law as I am in another country, all they require is that I declare cash imports over a certain amount. Cash is King - and it avoids accounting procedures.
3. optional
danm 09/16/2013
I agree. Let's withdraw US bases on foreign soil, pull our troops back, eliminate subsidies to other nations and stop paying such a high percentage of the UN's budget and let you guys start sorting things out for yourself. If American exceptionalism is a myth then there certainly is no need for us to shoulder an exceptional amount of the burden? We should start behaving like Germany, France, Japan and Russia.
4. Do what I say, not what I do!
Inglenda2 09/17/2013
The USA and many of its allies always pretend to be fighting for democracy and freedom, but a close examination of the wars they have taken part in show only their desire to control the world markets. Even at the start of WW2, in which many American soldiers lost their lives, the USA wished to remain neutral. The danger of losing trade (not the aversion to the Nazi system), changed this attitude. Now it is possible to control world commerce digitally, so perhaps this may save a few lives, but it is certainly nothing to be proud of. International laws and courts are obviously only intended for other countries.
5. optional
danm 09/17/2013
The ironic thing here is that Obama is a constitutional law expert and one of the bedrock rights of this document is the right to privacy. One has to wonder what went through Obama's mind as he brought us to this point.
Show all comments
    Page 1    
Keep track of the news

Stay informed with our free news services:

All news from SPIEGEL International
Twitter | RSS
All news from World section
RSS

© SPIEGEL ONLINE 2013
All Rights Reserved
Reproduction only allowed with the permission of SPIEGELnet GmbH



From DER SPIEGEL
Photo Gallery
Photo Gallery: The CIA's Secret Counter-Terrorism Project in Neuss

Photo Gallery
Photo Gallery: Spying on Smartphones


European Partners
Facebook
Twitter