ATM heist netted $13 million in a day

A group of criminals managed to steal $13 million in one day from ATMs in six different countries.

The heist, which exploited a flaw in the systems of prepaid debit card processing firm Fidelity National Information Services (FIS), took place in May. As many as 7,170 prepaid accounts may have been put at risk, and three individual cardholders’ non-public information seems to have been disclosed.

Security researcher Brian Krebs says that his sources say that cyber thieves broke into the FIS network and targeted its Sunrise platform’s ‘open-loop’ prepaid debit cards.

The balances on these cards aren’t stored on the cards themselves, but in records on a central database to which the cards correspond. There’s a limit on the amount that can be withdrawn in any 24-hour period.

But, it seems, the criminals were able to drastically increase the withdrawal limits on 22 stolen prepaid cards – which they then cloned and distributed to members of the gang in cities in Europe, Russia and Ukraine.

“Sources say the thieves waited until the close of business in the United States on Saturday, March 5 2011, to launch their attack. Working into Sunday evening, conspirators in Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom used the cloned cards to withdraw cash from dozens of ATMs,” says Krebs.

“Armed with unauthorized access to FIS’s card platform, the crooks were able to reload the cards remotely when the cash withdrawals brought their balances close to zero.”

FIS isn’t commenting on the breach. But, as Krebs points out, the technique used seems to be very similar to an attack in 2008 against RBS WorldPay, a US unit of the Royal Bank of Scotland.