100 thieves stole $12.7 million from ATMs in 2.5 hours

A gang suspected to be part of organized crime pulled off a $12.7 million heist at Japanese ATMs in less than 3 hours by using cloned credit cards from a South African bank.

atm cash machine money
Credit: Tax Credits

In less than three hours, at least 100 people helped pull off a $12.7 million heist by using cloned credit cards at ATMs in Japan. While organized crime may not equally split the spoils, if 100 people participated in the heist, then each of those people potentially made $127,000 for less than three hours of work. That’s a pretty slick trick.

The gang of thieves used the fake credit cards at 1,400 machines, according to a report in The Mainichi; each person withdrew the maximum amount of 100,000 yen, which is roughly $913, and repeated the process in each of the “14,000 transactions” that used more than 1,600 credit cards issued by a South African bank. The BCC reported the crooks “targeted 7-Eleven cash machines” since those ATMs accept foreign cards and most others don’t in Japan.

The fraudsters pulled off the heist in about 2 and a half hours on Sunday, May 15; the speedy crime spree started at shortly after 5 a.m. and was completed a little before 8 a.m. The Japan News added that the fraudulent withdrawals occurred in Tokyo and 16 prefectures. Since it was a Sunday and the banks were closed, and the cards were from a different country, it may have given the thieves time to flee Japan before the attack was discovered.

The Yomiuri Shimbun explained, “Since the cards were forged based on data leaked about credit cards issued by a bank in South Africa, police believe that an international criminal organization is involved.” The fraud was discovered after “a report from a bank that installed some of the ATMs.” The ATM transaction records indicated “that data related to about 1,600 credit cards issued by the South African bank were used. It is highly likely that the suspects abused the cashing function of the credit cards after forging the cards based on card data illegally obtained by hacking or other methods.”

Japanese police may not have named the bank, but South Africa’s Standard Bank acknowledged the heist and estimated its total losses at around $19 million, with the BBC reporting the amount was $19,250,000. It’s unclear why the bank is claiming over $19 million in losses when most news reports are claiming the thieves made off with $12.7 million (1.4 billion yen).

Standard Bank, which is Africa’s “biggest bank by assets” according to Bloomberg, issued a statement claiming it was a “victim of a sophisticated, coordinated fraud incident. This involved the withdrawal of cash using a small number of fictitious cards at various ATMs in Japan.” The bank added that there was “no financial loss for customers.”

Japanese police are reportedly reviewing security camera footage to identify the suspects as well as working with the bank and Interpol. Translated by Google, a Yomiuri Online second report mentions the Chinese, but the BBC added that no one has been arrested yet.

“From reports already released, it is evident that it is an incident of transnational organized crime that was well planned and executed,” the South African Banking Risk Information Center (Sabric) told Fin24. “Due to the sensitive nature of the investigation that is being conducted, it is understandable that the bank is not in a position to make any other information available at this stage.”

The ATM heist scenario may sound familiar, as there have been other cases using forged credit cards to fraudulently withdrawal cash from ATMs. The Yomiuri mentioned a case when thugs used fake cards at ATMs in 26 countries, between 2012 to 2013, to cash out 4.5 billion yen, which is a little over $41 million.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.