RBS WorldPay, the US payments processing arm of Royal Bank of Scotland Group, allegedly lost $9 million in a 30-minute period during a global ATM heist that involved 100 cloned cards in 49 cities worldwide.
In a clever piece of news management, RBS first reported a breach of its computer systems and the fraudulent use of 100 cards in a press release that was issued during the busy pre-Christmas season on 23 December. The bank confirmed that its computer system had been improperly accessed in November by an unauthorised party and that the personal information of 1.5 million pre-paid cardholders had been compromised.
But the true extent of the fraud has been revealed in a report on New York Fox 5. Law enforcement officials from the FBI told the channel that a network of cashiers was used to withdraw money from 130 different ATM machines in 49 cities worldwide shortly after midnight on 8 November.
Although only 100 cloned cards were used, the hackers behind the swindle managed to withdraw up to $9 million by lifting the daily withdrawal limits on each card, so that they could be used over and over again.
So far, the FBI has no suspects and has made no arrests in this scam. An attorney in Atlanta has filed a class-action lawsuit against RBS WorldPay for allegedly failing to protect personal information.
FBI investigates 49 million ATM scam - myfoxny.com