Late last week prosecutors unsealed Federal court documents that charge eight men with stealing $45 million dollars from numerous global banks to pay for high-end watches, expensive cars and other luxuries. In December 2012 and February of this year, the prosecutors allege that these men withdrew $2.8 million dollars from ATMs in only two attacks throughout the New York City area. The additional $42 million was withdrawn from other banks around the world by a team known as a “cashing crew.”
Authorities say that the global crime ring used prepaid debit cards in addition to hacked bank account numbers and PINs to withdraw the money in six continents and 27 different countries. The simple version of how they pulled this off is as follows: the hackers hacked their way into the banks’ systems and radically increased the values that were loaded onto the cards. Then with the information they obtained about the accounts, account and PIN numbers, used the cards to go on an ATM emptying spree.
In total, the operation needed over 40,000 individual transactions over the course of several months. It has been described as a “virtual criminal flash mob, going from machine to machine drawing as much money as they can before these accounts are shut down.” The eight suspects arrested in NYC followed what seemed to be a pre-planned route around the island of Manhattan, seemingly making a loop around Central Park. Those arrested had pictures on their cell phones of piles of $20 bills and also purchased a couple Rolex watches, a Porsche and Mercedes SUV.
This story not only caught my eye because of the sheer number of money stolen but also because of how the thieves went about pulling it off. In effect, they traded out ski masks and guns for computers and an internet connection. While the ringleaders were able to do the majority of the leg work online without much risk of being caught they still had to rely on “foot soldiers” to carry out the rest of the process.
The fact that this involved prepaid debit cards is what piqued our interest here at HMS as we value the security of debit and credit card processing. Attacks like this are a great reminder of why there are the comprehensive checks and security measures when it comes to card transactions. The fact that the authorities were able to trace these transactions, track down those involved, and arrest them is a testament to the vigilance of those enlisted to watch for fraud and other malicious activities when it comes to the financial services industry.
Being reactive is sometimes not enough though. Because of these recent events we are likely to see regulations and more security put in place in an effort to become more proactive in preventing attacks like this from occurring in the future. Who knows exactly what this will mean for the industry? For that we will just have to stay tuned.
