RSS Alerts

Share

More services

Related Stories

Top 5 Stories

News

Visa reveals $11 million ATM heist

07 February 2013

Some ring in the New Year with champagne, others with highly coordinated theft operations. In the latter camp, Visa has revealed that cybercriminals pulled off an $11 million ATM heist as 2012 wound to a close.

Perpetrators used re-loadable prepaid debit cards to withdraw money from ATMs globally, increasing or eliminating the withdrawal limits for the prepaid accounts they controlled. It’s a technique that Visa doesn’t think we’ll see the last of. It has sent a private warning (obtained by Brian Krebs at Krebsonsecurity.com) to payment card issuers to be vigilant about additional campaigns.

“Visa has been alerted to new cases where ATM Cash-Out frauds have been attempted and successfully completed by organized criminal groups across the globe,” Visa said in the alert. “In a recently reported case, criminals used a small number of cards to conduct 1000’s of ATM withdrawals in multiple countries around the world in one weekend.”

Krebs said that the thieves first struck on Christmas Eve 2012.

“Using a small number of re-loadable prepaid debit cards tied to accounts that they controlled, scammers began pulling cash out of ATMs in at least a dozen countries,” Krebs noted. “Within hours, the perpetrators had stolen approximately $9 million.”

Then, just under $2 million was taken from a card network in India just prior to New Year’s Eve.

“These attacks result from hackers gaining access to issuer authorization systems and card parameter information,” Visa said. “Once inside, the hackers manipulate daily withdrawal amount limits, card balances and other card parameters to facilitate massive fraud on individual cards. In some instances over $500K USD has been withdrawn on a single card in less than 24 hours.”

Other details – such as which card issuers were compromised – have not been made public.

This is not the first time an ATM heist has hit the headlines. In August 2011, a theft involving 22 prepaid debit cards netted thieves around $13 million. The hackers allegedly altered the maximum daily withdrawal limits in that case as well.

The victim was Florida-based Fidelity National Information Services, which bills itself as the world’s largest processor of prepaid debit cards and claims to process more than 775 million transactions annually.

This article is featured in:
Application Security  •  Data Loss  •  Identity and Access Management  •  Industry News  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions | Privacy | Website Design| Reed Exhibitions. All rights reserved. Copyright © 2013
We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×