Earlier this month, a group of criminals in Japan managed to steal $12.7 million (1.4 billion yen) from 1,400 ATMs across that country in an attack reminiscent of an Internet “flash mob.”
According to a report by The Japan News, a large, coordinated group of criminals used counterfeit credit cards made with account information from a South African data breach to make 14,000 transactions in just over 2 hours.
The thieves struck early on the morning of May 15, between 5 a.m. and 8 a.m., and targeted ATMs owned by Seven Bank installed in 7- Eleven convenience stores (both the bank and convenience stores are subsidiaries of the same Tokyo-based company).
Those ATMs accept foreign transactions and are open 24 hours a day, which may have been why they were chosen. Most banks in Japan do not accept foreign debit or credit cards for ATM withdrawals. Seven Bank ATMs also accept magnetic-stripe cards, which are much easier to counterfeit than cards with integrated chips.
Police suspect more than 100 people may have participated in the crime, taking out the limit of $915 allowed per withdrawal for each of the maximum 10 transactions per card allowed at each ATM per day.
The Japan Times reports that Japanese police suspect a Malaysian group in the heist, and have placed members on an international wanted list.
This is far from the first time such an attack has taken place in the country. In 2012, an international criminal group stole $45 million from ATMs around the world, making 36,000 transactions in about 10 hours. The hardest-hit country was Japan, where $10 million was stolen from banks.
The Seven Bank case would seem to provide more motivation for banks around the world to move to a more secure EMV standards.
Follow me on Twitter: @claesbell.