Home / Crime / $9 million in 30 minutes in a Global ATM scam

$9 million in 30 minutes in a Global ATM scam

Following hot on the heels of the Heartland Payments Systems data breach, which compromised nearly every payment card in America, news broke yesterday on New York's Fox 5 that RBS WorldPay not only had the data hacked for around 1.5 million payroll and gift cards back on December 23rd, but also that the mag stripe and other information must have been gained as well. 

Shortly after midnight Eastern Time on November 8th, a co-ordinated global attack took place in thirty minutes withdrawing $9 million from ATMs by lifting the limits on each card: 


More than 130 ATMs in 49 cities from Moscow to Atlanta were hit simultaneously.

It is interesting that this is a bit worse than the RBS press release made out back in December:

"RBS WorldPay (formerly RBS Lynk), the U.S. payment processing arm of The Royal Bank of Scotland Group, today announced that its computer system had been improperly accessed by an unauthorized party.
RBS WorldPay has urgently taken a number of important steps to mitigate risk in response to this situation. The issue, which affected pre-paid cardholders and other individuals, was identified on November 10 and law enforcement agencies and federal regulators were notified by RBS WorldPay shortly thereafter …

"Actual fraud has been committed on approximately 100 cards. Cardholders will not be responsible for unauthorized activity associated with this event. Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed."

100 cards, 130 ATMs, 49 cities, $9 million.

Although using mules to get cash across different countries is not unusual, the code breaking on gift and payroll cards to lift the card limits is more unusual.

And it's more bad news for RBS after their Chairman, Sir Tom McKillop, stepped down early yesterday after disappointing shareholders over his poor management of Sir Fred Goodwin.

Aw shucks.

About Chris M Skinner

Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News. To learn more click here...

Check Also

The truth about bitcoin

It’s been an interesting few weeks, watching bitcoin’s rollercoaster ride as it rises to valuations …

  • Hi,
    In a clever piece of news management, RBS first reported a breach of its computer systems and the fraudulent use of 100 cards in a press release that was issued during the busy pre-Christmas season on 23 December. The bank confirmed that its computer system had been improperly accessed in November by an unauthorised party and that the personal information of 1.5 million pre-paid cardholders had been compromised.
    ATM Machines