Co-ordinated thefts from ATM’s in Japan

Using an ATM - Compliance3

We’ve written in the past about data breaches, where customers’ card details are stolen, and while the press tend to dwell on the ongoing risks to customers as a result of their data being compromised, it’s rare for the subsequent exploitation of data breaches to make news.

This week, however, saw the news of an audacious and sophisticated attack using stolen account data to create 1,600 fake payment cards and then steal nearly $13 million dollars from South Africa’s Standard Bank.

The thieves exploited the high maximum withdrawal amounts allowed in Japan, where the maximum amount that can be withdrawn from an ATM is ¥100,000 (or about £630), and withdrew that maximum amount 14,000 times from 1,400 machines.

The targeted machines were installed in 7-11 stores across Japan, unusually for Japan these particular machines accept international cards.

The thefts took place over a three hour period, early on the morning of Sunday May 15th, that would be late Saturday night in South Africa.

While customers have not suffered any losses, Standard Bank estimate their total losses to be close to $19 million.

Standard Bank described the heist as “a sophisticated, co-ordinated fraud incident” involving what it said was a “small number” of fake cards from account data belonging to it.