Friday, 10 May 2013
US charges cyber-crooks over US$45 million ATM crime
The money was stolen from two Middle Eastern banks. The reported losses have risen significantly since I first commented on the attacks in a post on 7th February 2013. It's interesting to note that, of the 8 US citizens arrested, 7 originated from the Dominican Republic. According to the latest European ATM Crime report published by EAST, the USA and the Dominican Republic are the top two locations for ATM related fraud losses for counterfeit (skimmed) European cards.
This is worrying stuff for US card issuers. Such a scam is not so easy to perpetrate on EMV (Chip and PIN) cards. As a chip is not present on a cloned (counterfeit) EMV card the clone can't be used for ATM cash withdrawals (unless the EMV card issuer allows it and most now don't). Now that the cyber-criminal community has woken up to how easy it is to perpetrate this type of crime against non-EMV cards, their sights are likely to be set on US issued mag-stripe only cards, or non-EMV cards from other countries.
It is good to see that, if convicted, the defendants face a maximum sentence of 10 years' imprisonment on each of the money laundering charges and seven and a half on the conspiracy to commit access device fraud charge, restitution, and up to $250,000 in fines. Nonetheless, criminals like to get easy cash, and this case may well spark copycat cyber-attacks.