DOCSLIB.ORG

Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email ARTICLE Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email Written by: Doron Woolf Date: April 7, 2017 Marcher is an Android banking Trojan, first detected in 2013, that continually evolves to stay active. The longevity and evolution of this malware is not surprising, given that mobile banking malware is the quickest and easiest way to grab money from victims. In fact, the mobile banking malware market is so hot, it grew 400% in 2016, 81% of which targeted Android phones.i That growth is somewhat expected since Android, with over 24,000 implementations, is the most popular smartphone operating system.ii That is a huge number of devices to test and secure, made more difficult by the fact that most Android phones are behind in critical patches and thus are more vulnerable to attack.iii As with any malware campaign, attackers must continually evolve to evade detection of their C&C servers and keep the cash flowing. Marcher inspects its infected devices carefully by using a dedicated, hard-coded configuration in each Android Package Kit (APK), Google’s file format for distributing and installing application software (like mobile banking apps) on the Android OS. Each APK has the ability to target different financial institutions in specific geographical locations. F5 research conducted in March 2017 followed 153 Marcher configuration files to uncover target and activity trends in the worldwide attack campaigns. Among the 153 configuration files, 54 distinct command and control (C&C) servers were detected. Of the 54 distinct C&C servers, 12 of F5. COM/LABS 1 them were online and operational (until F5 had them shut down in March), 10 were sink-holed, and 32 were already offline. The remaining 99 C&C servers were duplicated configurations from different APKs. This is likely due to configuration files being hardcoded within the APK, and old spam campaigns infecting different users, thus, old configurations still being detected in the wild. Figure 1: Marcher configuration status (left) and status of distinct C&C servers (right) as of March 2017 Global View of March Targets Analyzing the newest configuration files, Marcher’s March targets primarily focused on banks in Europe, followed by Australia, and then Latin America. Only 2% of targets were in North America. The targets within these regions were all banks, as well as their Android mobile banking apps available for download in the Google Play Store. Australia had one exception where an online classified ad site called Gumtree was targeted. The 7% “Global” are application and platform targets that are used worldwide such as the Android platform, social network companies like Facebook, email providers like Yahoo and Gmail, the WhatsApp and Viber messaging apps, PayPal, and eBay. (See target domain details driving these geographical breakdowns in the Marcher Targets section and Appendix A.) F5. COM/LABS 2 Global North America 7% 2% Latin America 12% Australia 15% Europe 64% Figure 2: Marcher targets by regions in March 2017 The following map shows the specific countries within the regions above that were targeted. The banks within those countries are detailed in Appendix A. Figure 3: Marcher-targeted countries, March 2017 F5. COM/LABS 3 Campaigns and Targets The common pattern in the latest configuration was distinct and repeated subfolders in the C&C details, such as 012, THREEHADFOUND, or jadafire. We classified the current online campaigns via these subfolder identifications as follows: • 012 campaigns spanned different geolocations in one campaign targeting Germany, Poland, Austria, and Australia • jadafire campaigns target Austrian and German banks, as well as social network apps globally • MANUNIT campaigns targeting German banks specifically • balls51 campaigns target banks in Austria, Germany, Argentina, UK, Colombia, Peru, and Mexico • THREEHADFOUND campaigns targeting German banks specifically • MUCHTHENWERESTO campaigns targeting German and Czech Republic banks • moon campaigns targeting Australian banks specifically • TRUELESSCARBLAC campaigns target German and Austrian banks • angelkelly campaigns target banks in UK, Germany, and France • QUESTIONROADFAR campaigns target French banks as well as social network apps globally C&C Servers Detected In the following table, we’ve listed the 54 distinct C&C servers detected, 63% of which were using HTTPS. While monitoring Marcher activity in March, F5 researchers shut down 12 malicious C&C servers that were detected. No. C&C Server Status 1 hxxp://stionguz.com/012/ Sinkholed 2 hxxp://asdhjfd24.ru/mail/ Offline 3 hxxp://propsyours.com/012 Sinkholed 4 hxxp://ausrusot.net/012 Sinkholed 5 hxxp://albumwink.net/012/ Sinkholed 6 hxxp://toddypross.net/012 Sinkholed 7 hxxp://aflyatok.men/012 Offline – shut down in March 2017 by F5 researchers 8 hxxp://samiy.site/012/ Offline – shut down in March 2017 by F5 researchers 9 hxxp://chaldear.com/012/ Sinkholed 10 hxxp://glennuniat.com/012/ Sinkholed F5. COM/LABS 4 11 hxxp://joguce.info/012/ Offline – shut down in March 2017 by F5 researchers 12 hxxp://ciorrigh.info/012/ Offline – shut down in March 2017 by F5 researchers 13 hxxp://policywings.bid/012/ Offline – shut down in March 2017 by F5 researchers 14 hxxp://wigthsingls.bid/012/ Offline 15 hxxp://limesysleys.bid/012/ Offline – shut down in March 2017 by F5 researchers 16 hxxp://namessheds.bid/012/ Offline – shut down in March 2017 by F5 researchers 17 hxxp://bastebirk.com/012/ Sinkholed 18 hxxp://shapewhisk.com/012/ Sinkholed 19 hxxp://ahongdeash.net/012/ Sinkholed 20 hxxp://nsdas213123aa.ru/at/ Redirecting to RevDl.com 21 hxxps://soldatenccarmytriptheleader.at/jadafire/ Offline 22 hxxps://fisttheexo.at/jadafire/ Offline 23 hxxps://soldatenccarmythegaynation.at/jadafire/ Offline 24 hxxps://soldatenccarmy.at/jadafire/ Offline 25 hxxps://exofisty.at/jadafire/ Offline 26 hxxps://soldatenccarmygoldenshower.at/jadafire/ Offline 27 hxxps://consulting-center-performace.com/MANYUNIT/ Offline 28 hxxps://grapfix-desgin-ltd24.at/MANYUNIT/ Offline 29 hxxps://service-consultiong-ltd-spain.net/MANYUNIT/ Offline 30 hxxps://soulreaver.at/balls51/ Offline – shut down in March 2017 by F5 researchers 31 hxxps://divingforpearls.at/balls51/ Offline 32 hxxps://olimpogods.at/balls51/ Offline 33 hxxps://176.119.28.74/balls51/ Offline – shut down in March 2017 by F5 researchers 34 hxxps://nvah2p123.org/THREEHADFOUND/ Offline 35 hxxps://nvoa324.net/THREEHADFOUND/ Offline 36 hxxps://brkleo34.org/THREEHADFOUND/" Offline 37 hxxps://app01.at/MUCHTHENWERESTO/ Offline 38 hxxps://app12.at/MUCHTHENWERESTO/ Offline 39 hxxps://ap11.at/MUCHTHENWERESTO/ Offline 40 hxxps://droidgrades.top/moon/ Offline – 404 41 hxxps://droidgrades.us/moon/ Offline – 404 42 hxxps://droidsg.pw/moon/ Offline – 404 43 hxxps://wasdashehe.net/TRUELESSCARBLAC/ Offline – shut down in March 2017 by F5 researchers 44 hxxps://wasdashehe.at/TRUELESSCARBLAC/ Offline – shut down in March 2017 by F5 researchers 45 hxxps://wasdashehe.com/TRUELESSCARBLAC/ Offline – shut down in March 2017 by F5 researchers 46 hxxp://45.32.240.33/1f/l/ Offline 47 hxxps://track-google.at/angelkelly/ Offline – 404 48 hxxps://trackgoogle.at/angelkelly/ Offline – 404 F5. COM/LABS 5 49 hxxps://secure-ingdirect.top/QUESTIONROADFAR/ Offline 50 hxxps://playsstore.net/QUESTIONROADFAR/ Offline 51 hxxps://playsstore.mobi/QUESTIONROADFAR/ Offline 52 hxxps://i-app4.online/MUCHTHENWERESTO/ Offline 53 hxxps://i-app5.online/MUCHTHENWERESTO/ Offline 54 hxxps://i-app1.online/MUCHTHENWERESTO/ Offline Table 1: C&C servers and their statuses, March 2017 The 12 C&C servers that F5 shut down in March were associated with three campaigns—012, balls51, and TRUELESSCARBLAC—that primarily targeted banks in Europe. 012 was the most active campaign targeting German, Polish, Austrian, and Australian banks, followed by TRUELESSCARBLAC that also targeted German and Polish banks. The balls51 campaign targeted Austrian, German, and UK banks, as well as Latin American banks in Mexico, Argentina, Colombia, and Peru. TRUELESSCARBLAC 25% 012 58% balls51 17% Figure 4: 12 Marcher campaigns running on 12 active C&C servers taken down in March 2017 Marcher Targets We detected 172 targeted domains in March 2017. As expected, the majority (93%) were banks. A smaller but interesting portion of the targets were email providers like Yahoo and Gmail, social network and messaging apps like Facebook, Viber, and WhatsApp, and Gumtree, an Australian online classified ad app. F5. COM/LABS 6 Social / Messaging Android Platform 2% 1% Email Providers Online Classifieds 3% 1% Banking 93% Figure 5: Marcher targets by industry Most of Marcher’s domain targets are Google Play Store links where customers download the Android mobile app. In turn, most of the Google Play downloads are banking apps, but Marcher is also targeting Facebook, Viber, WhatsApp, Gmail, HTC, and Yahoo Android apps. (Yahoo, with 81 webinjects, is the biggest target outside of banks. See webinject target explanations below.) In most cases, Marcher targets a bank’s main site, mobile site, and Google Play Store Android app download collectively. (See details in Appendix A.) Email provider directly (mail.com) Google Andriod Dev API Andriod App (via Apk-Files.org) Andriod App (via ApkMonk) Bank directly Andriod App (via Google Play) 0 10 20 30 40 50 60 70 80 90 Figure 6: Marcher domain targets by Google Play Store versus bank site directly F5. COM/LABS 7 The top 5 countries whose banks were targeted included Germany, Australia, France, Turkey, and Austria. The “Global” definition
Load more

Recommended publications
  • Guía Para El Uso De Canales Electrónicos. Canal Cajeros Automáticos
    GUIA PARA EL USO DE CANALES ELECTRONICOS CAJEROS AUTOMÁTICOS –ATM– INGENIERÍA DE PROCESOS INDICE INTRODUCCIÓN...........................................................................................................................................................3 1. CAJEROS AUTOMÁTICOS (ATM ) .............................................................................................................................5 1.1. Características y beneficios principales ............................................................................................................5 1.2. Operaciones Disponibles ...................................................................................................................................5 1.2.1. Extracción / Adelanto ..................................................................................................................................5 1.2.2. Link Pagos .....................................................................................................................................................5 1.2.3. Compras y Recargas .....................................................................................................................................5 1.2.4. Transferencias ..............................................................................................................................................5 1.2.5. Depósitos .....................................................................................................................................................5
    [Show full text]
  • Assessment and Review of Application of Responsibilities for Authorities
    Committee on Payments and Market Infrastructures Board of the International Organization of Securities Commissions Assessment and review of application of Responsibilities for authorities November 2015 This publication is available on the BIS website (www.bis.org) and the IOSCO website (www.iosco.org). © Bank for International Settlements and International Organization of Securities Commissions 2015. All rights reserved. Brief excerpts may be reproduced or translated provided the source is stated. ISBN 978-92-9197-376-7 (online) Contents 1. Executive summary ......................................................................................................................................................... 1 1.1 Methodology ........................................................................................................................................................... 2 1.2 Key findings of the assessment ........................................................................................................................ 2 2. Introduction ...................................................................................................................................................................... 4 2.1 Broader context of the Responsibilities assessment ............................................................................... 4 2.2 Scope and objective of the Responsibilities assessment ....................................................................... 5 3. Methodology ...................................................................................................................................................................
    [Show full text]
  • 2021 Prime Time for Real-Time Report from ACI Worldwide And
    March 2021 Prime Time For Real-Time Contents Welcome 3 Country Insights 8 Foreword by Jeremy Wilmot 3 North America 8 Introduction 3 Asia 12 Methodology 3 Europe 24 Middle East, Africa and South Asia 46 Global Real-Time Pacific 56 Payments Adoption 4 Latin America 60 Thematic Insights 5 Glossary 68 Request to Pay Couples Convenience with the Control that Consumers Demand 5 The Acquiring Outlook 5 The Impact of COVID-19 on Real-Time Payments 6 Payment Networks 6 Consumer Payments Modernization 7 2 Prime Time For Real-Time 2021 Welcome Foreword Spurred by a year of unprecedented disruption, 2020 saw real-time payments grow larger—in terms of both volumes and values—and faster than anyone could have anticipated. Changes to business models and consumer behavior, prompted by the COVID-19 pandemic, have compressed many years’ worth of transformation and digitization into the space of several months. More people and more businesses around the world have access to real-time payments in more forms than ever before. Real-time payments have been truly democratized, several years earlier than previously expected. Central infrastructures were already making swift For consumers, low-value real-time payments mean Regardless of whether real-time schemes are initially progress towards this goal before the pandemic immediate funds availability when sending and conceived to cater to consumer or business needs, intervened, having established and enhanced real- receiving money. For merchants or billers, it can mean the global picture is one in which heavily localized use time rails at record pace. But now, in response to instant confirmation, settlement finality and real-time cases are “the last mile” in the journey to successfully COVID’s unique challenges, the pace has increased information about the payment.
    [Show full text]
  • ARGENTINA Executive Summary
    Underwritten by CASH AND TREASURY MANAGEMENT COUNTRY REPORT ARGENTINA Executive Summary Banking The Central Bank of Argentina (Banco Central de la República Argentina – BCRA) has autonomous status under the BCRA Law of 2003. The central bank is responsible for implementing monetary and financial policy in pursuit of its core objective of preserving the value of the Argentine peso (ARS). The central bank carries out regulatory supervision of the financial sector via the Superintendency of Financial and Foreign Exchange Institutions (SEFyC). The central bank monitors statistics on cross-border transactions for balance of payments purposes. Both resident and non-resident entities may hold domestic (ARS) and foreign currency accounts locally and abroad. There are currently 62 banks operating in Argentina, of which 49 are privately owned, with the remainder nationally, provincially or municipally owned. There are also 15 finance companies and one credit cooperative. The 2001–2002 economic crisis and currency devaluation resulted in a wide-scale run on the banks by consumers and a withdrawal by a number of foreign banks; customer confidence and foreign investment in the banking sector has taken time to recover. Payments There are three clearing systems for payments authorized by the central bank: one RTGS system, one high-value payment system and one retail clearing system. Public mistrust of the banking sector following the economic crisis of 2001–2002 led to a significant increase in the use of cash for retail and commercial payments. Cash remains an important means of payment, particularly for consumers, although the check is by far the most important non-cash instrument.
    [Show full text]
  • FR26/2015 Assessment and Review of Application of Responsibilities for Authorities
    Committee on Payments and Market Infrastructures Board of the International Organization of Securities Commissions Assessment and review of application of Responsibilities for authorities November 2015 This publication is available on the BIS website (www.bis.org) and the IOSCO website (www.iosco.org). © Bank for International Settlements and International Organization of Securities Commissions 2015. All rights reserved. Brief excerpts may be reproduced or translated provided the source is stated. ISBN 978-92-9197-376-7 (online) Contents 1. Executive summary ......................................................................................................................................................... 1 1.1 Methodology ........................................................................................................................................................... 2 1.2 Key findings of the assessment ........................................................................................................................ 2 2. Introduction ...................................................................................................................................................................... 4 2.1 Broader context of the Responsibilities assessment................................................................................ 4 2.2 Scope and objective of the Responsibilities assessment ....................................................................... 5 3. Methodology ...................................................................................................................................................................
    [Show full text]
  • Assessing Payments Systems in Latin America
    Assessing payments systems in Latin America An Economist Intelligence Unit white paper sponsored by Visa International Assessing payments systems in Latin America Preface Assessing payments systems in Latin America is an Economist Intelligence Unit white paper, sponsored by Visa International. ● The Economist Intelligence Unit bears sole responsibility for the content of this report. The Economist Intelligence Unit’s editorial team gathered the data, conducted the interviews and wrote the report. The author of the report is Ken Waldie. The findings and views expressed in this report do not necessarily reflect the views of the sponsor. ● Our research drew on a wide range of published sources, both government and private sector. In addition, we conducted in-depth interviews with government officials and senior executives at a number of financial services companies in Latin America. Our thanks are due to all the interviewees for their time and insights. May 2005 © The Economist Intelligence Unit 2005 1 Assessing payments systems in Latin America Contents Executive summary 4 Brazil 17 The financial sector 17 Electronic payments systems 7 Governing institutions 17 Electronic payment products 7 Banks 17 Conventional payment cards 8 Clearinghouse systems 18 Smart cards 8 Electronic payment products 18 Stored value cards 9 Credit cards 18 Internet-based Payments 9 Debit cards 18 Payment systems infrastructure 9 Smart cards and pre-paid cards 19 Clearinghouse systems 9 Direct credits and debits 19 Card networks 10 Strengths and opportunities 19
    [Show full text]
  • UNICEF-Annual-Report-2018 Revised 1.Pdf
    Annual Report 2018 For every child, every right Data in this report are drawn from the most FRONT COVER: Jasmin, 7, washes her and other United Nations agencies, annual clothes in the sea near the Shamlapur reports prepared by UNICEF Country Offices refugee camp. She is one of many and the Annual Report of the Executive thousands of Rohingya who have sought Director of UNICEF presented to the refuge from Myanmar in Cox’s Bazar Executive Board, 11–13 June 2019. District, Bangladesh. © UNICEF/UN0203392/Sokol For any corrigenda found subsequent to printing, please visit our website at www.unicef.org/publications PAGE 3: UNICEF Executive Director Henrietta H. Fore joins children in their ISBN: 978-92-806-5032-7 classroom during a visit to the Alexandria School in a rural area of northern Hama, © United Nations Children’s Fund (UNICEF) Syrian Arab Republic. June 2019 © UNICEF/UN0264631/Al-Droubi Annual Report 2018 For every child, every right UNICEF Annual Report 2018 MESSAGE FROM THE EXECUTIVE DIRECTOR On a clear, cold morning in January 2018, I walked and medical care they need. The families reunited with through the front door of UNICEF headquarters in New children who have been recruited into armed forces and York to take up my new role as Executive Director. I felt armed groups. The refugee children finding the protection privileged to begin leading an organization with a noble and opportunities they could not find at home. mission: protecting the rights of every child. But I wanted to do something more. I wanted to open up opportunities The often painful stories of the children and young people for every child.
    [Show full text]
  • 08 Certification
    Management Report SALES AND DISTRIBUTION NUMBER OF DEPOSIT ACCOUNTS Checking Accounts, Savings Accounts and Time Deposits Evolution of Customers, Transactions, ABMs 1.800.000 and Service Points 1.700.000 1.600.000 1.500.000 Digital channels have maintained their 1.400.000 upward trend, consolidating customer 1.300.000 preference as transactional channel, 1.200.000 and they are gradually incorporated as 1.100.000 1.000.000 a business channel and for obtaining 2013 2014 2015 new products. Omnichannel retail is then becoming real as a result of This significant transaction volume customers requirements. illustrates that efforts to guide customers to the various digital channels available to the Bank, have The total number of transactions by been successful. As shown in the digital channels grew by 36.2%, with chart, in 2015 91.1% of customer more than 205 million transactions transactions were carried out via digital channels. during the year. It must also be noted that usability TRANSACTIONS AT BRANCHES testing methods have been included in AND ALTERNATIVE CHANNELS order to improve the customer Million annual transactions experience, which require a high technological level of the service 200 platform of our Bank and 24/7 availability. 150 In order to continue strengthening 100 and upgrading the network of automatic machines, there was 50 investment for the purchase and installation of equipment, including 0 smart deposit machines where cash 2013 2014 2015 can be inserted and recognized, and Trans. at Branches Trans. Alternative Channels new features were added to e-BROU Montevideo Bay- Montevideo 61 Management Report (borrowing, account opening, online REDBROU Self Service Banking payments, preferential rate term investments) and to mobile banking At the end of 2015, there was a (Multipagos, transfers, etc.).
    [Show full text]
  • A Closer Look at Argentina
    treasury practice ARGENTINA A CLOSER LOOK AT ARGENTINA THIS YEAR’S TREASURER’S HANDBOOK CONTAINS A MINE OF TREASURY-RELATED INFORMATION ABOUT MORE THAN 40 JURISDICTIONS. CLAUDIO MIGLIORE PROVIDES THE LOWDOWN ON ARGENTINA. his country guide provides a brief summary of some of the key regulatory, banking and cash management aspects ‘AS PART OF THE FINANCIAL which treasurers need to consider when undertaking CRISIS, BANK CREDIT HAS BEEN T commercial activities in Argentina. RESTRICTED SEVERELY, WHILE FINANCIAL REGULATORY FRAMEWORK MANY CREDIT RECIPIENTS HAVE The central bank, Banco Central de la República Argentina (BCRA), DEFAULTED ON THEIR DEBT OR is charged with the regulation, inspection and supervision of all financial institutions. At the same time, it is responsible for HAVE RENEGOTIATED TERMS’ controlling money supply and monetary stability. As part of its supervisory function, the BCRA mandates and oversees a private deposit insurance corporation called SEDESA, which collects E-COMMERCE LEGISLATION. A comprehensive digital signature bill insurance premiums from banks and covers (up to ARS30,000 per was signed into law late in 2001. It places digital documents and person) deposits maintained by Argentine residents in financial digital signatures on an equal footing with their paper counterparts institutions. and puts the burden of proof on those disputing the validity of a digitally signed document. FOREIGN EXCHANGE POLICY AND REGULATION. Since 1991, There are currently no restrictions on foreign investment or the central bank had followed a policy of maintaining a one-to- ownership. However, capital inflows and outflows require central bank one relationship between the local currency, the peso, and the US authorisation and may be subject to delays, especially on the outflow dollar.
    [Show full text]
  • Competitive Conditions Analysis on the Credit Cards, Debit Cards and Electronic Means of Payment Detailed Summary 1. Legal Frame
    Competitive Conditions Analysis on the Credit Cards, Debit Cards and Electronic means of Payment Detailed Summary 1. Legal Framework 1. In Argentina, the Payment Cards Market is regulated by Act 25,065, modified by Act 26,010 in 2005, known as the “Credit Cards Act” (hereinafter the “LTC” for its Spanish acronym). The LTC establishes that the Central Bank of the Argentine Republic (BCRA for its Spanish acronym) and the Secretary of Commerce shall act as enforcement authorities under said legislation. 2. In Argentina, there are three different kinds of cards which can be used as payment methods: credit, debit and purchasing cards. The LTC stipulates that while credit and purchasing cards can be issued by a licensed financial institution, debit cards shall only be issued by banks authorized by the BCRA. Therefore, entry barriers for the issuance of debit cards are the same than entering the banking institutions market, being more economically burdensome than the barriers to enter the credit cards market. 3. Additionally, article 15 of the LTC regulates the merchant discount fee that shall be charged in every respect, setting a cap of 3% for credit cards and 1.5% for debit cards. Furthermore, the LTC stipulates that different fees shall not be charged “among businesses acting under the same activity or offering similar products or services”. 2. Economic Analysis 4. The Electronic Payment System Market is defined by the economic literature as a bilateral or two-sided market.1 Therefore, an Electronic Payment System not only provides services to two groups of clients (shops and cardholders), but also has a joint demand, since the service only is valuable if both sides of the market agree on using it.
    [Show full text]
  • American Express® Globaltravel Card
    American Express® GlobalTravel Card Lista de Caixas Eletrônicos dos países mais visitados O American Express® GlobalTravel Card é emitido pela American Express Travel Related Services Company, Inc. constituída no Estado de Nova York, EUA. ® Marca comercial registrada da American Express. 12-03645-013 (02/14) Onde Usar Com o seu American Express® GlobalTravel Card você tem acesso a dinheiro em moeda local em todo o mundo. O Cartão pode ser utilizado para saques em caixas eletrônicos (ATMs) onde os Cartões American Express são aceitos, incluindo os bancos e redes de caixas eletrônicos parceiros abaixo. Ligue para a Central de Atendimento para consultar informações específicas de um país que não consta abaixo. País de Destino Moeda Local Parceiros Conveniados (Cobrança de tarifa será aplicada. Favor consultar as informações abaixo.) Berliner Volksbank, Deutsche Bank, ING DiBA, Alemanha Euro Sparkasse, Rede de Caixa Eletrônico EUFISERV BBVA, Itaú, Macro, Nación, Provincia, Santander, Rede de Caixa Eletrônico Argentina Peso Argentino Banelco, Rede de Caixa Eletrônico Redlink Brasil Real Bancos conveniados American Express, Rede de Caixa Eletrônico Banco24Horas Chile Peso Chileno Santander Banco Popular, Banesto, Barclays, BBK, BBVA, Caja Duero, La Caixa, Santander, Rede de Espanha Euro Caixa Eletrônico , Rede de Caixa Eletrônico Euro 6000, Rede de Caixa Eletrônico Bank of America, Citibank, EUA Dólar Americano Rede de Caixa Eletrônico , Rede de Caixa Eletrônico (incluindo caixas eletrônicos da maioria dos grandes bancos) Banque Populaire,
    [Show full text]
  • GUIDELINES for USING BANRED CARD This Document Is Submitted to You with the Purpose of Providing You with the Information On
    GUIDELINES FOR USING BANRED CARD This document is submitted to you with the purpose of providing you with the information on the services of ATMs and BANRED-MAESTRO Debit Cards (hereinafter, the “Card”) issued by Banque Heritage (Uruguay) S.A. (hereinafter, the “Bank”) and the Contract for the Lease of ATMs and debit card, Banred-Maestro Card (hereinafter the “Contract”) WITHDRAWALS AND DEPOSITS 1 a) The Client may make cash withdrawals and inquiries on a 24x7x365 basis b) The Client is authorized to operate (deposits in cash and/or checks issued against Banks of Uruguay and withdrawals) at BANRED ATMs in Uruguay and in associated networks abroad. Client may withdraw a maximum of $U 20,000.- (Twenty Thousand Uruguayan Pesos) and US$ 1,000.- (One Thousand United States Dollars) per day. The Client may make up to five withdrawals per day, without any cost. The abovementioned limits may be modified, and notice will be given to the Client duly in advance. Likewise, maximum cash withdrawal limits abroad may vary according to the ATM's managing entity. c) Balances and movements reported at the ATMs will be those effected at closing of the business day before the transaction was made. d) Cash withdrawals outside Uruguay may only be made in the local currency of the country where the Client is operating. If the Client intends to use the Network in Brazil, the right option to choose for cash withdrawals is "ContaPoupança". PURCHASES a) The Client is authorized to make purchases (POS) in Uruguay and abroad at all shops affiliated to the MAESTRO network.
    [Show full text]