On Saturday I was interviewed on SBS World News about the ATM heist that netted $45 million from 40,000 withdrawals over 26 countries. The video of the TV news segment (start at 09:05) is available online until 19 May.
It was an extremely sophisticated attack, involving not just hacking credit card payment processors and banks, but also eliminating the limits on prepaid debit cards before creating thousands of copies. Not surprisingly there are strong safeguards around tampering with the limits on cards, yet the gang managed to circumvent these.
On one level this is about bank robbers finding new chinks in the armor in which banks clad themselves. Financial systems evolve, and even while banks continually improve their protection, there will be ways to attack banks. Criminals attack banks because that’s where the money is.
As I noted in the TV interview, the most interesting thing about this attack is that it actually impacts money supply. The first heist in December 2012 netted $5 million, before a second much larger one two months later. It is not actually clear that the first theft was detected at the time, or how.
“The significance here is they are manipulating the financial system to be able to change these balance limits and withdrawal limits,” said Kim Peretti, a former prosecutor in the computer crime division of the Justice Department who is now a partner in the law firm Alston & Bird. “When you have a scheme like this, where the system can be manipulated to quickly get access to millions of dollars that in some sense did not exist before, it could be a systemic risk to our financial system.”
Theft is taking money from someone else. However we are at the point where crime can involve creating money where there was none before. At a sufficient scale, that could impact money supply and the integrity of the global financial system.
Bank security is not just about protecting banks. It is increasingly also about protecting the financial system.