Crooks broke into the computer network of FIS earlier this year, upped the limits on pre-paid cards, cloned them and then withdrew $13 million from ATMs around the world, according to security blogger Brian Krebs.
In its first quarter earnings release, posted in May, FIS revealed it had taken a $13 million hit in connection with its Sunrise pre-paid card platform.
The loss "related to unauthorised activities involving one client and 22 prepaid card accounts" and the company also identified 7170 pre-paid accounts that may have been at risk.
According to Krebs, citing sources close to the investigation, the loss came after hackers broke into FIS's network and targeted the Sunrise platform's "open-loop" pre-paid debit cards.
The thieves managed to "drastically increase or eliminate the withdrawal limits for 22 pre-paid cards that they had obtained. The fraudsters then cloned the pre-paid cards, and distributed them to co-conspirators in several major cities across Europe, Russia and Ukraine."
After close of business in the US on 5 March, gang members in Greece, Russia, Spain, Sweden, Ukraine and the UK used the cloned cards to withdraw cash from dozens of ATMs.
FIS has not commented on Krebs's claims and the FBI will not confirm or deny that it is investigating.
The alleged plot is strikingly similar to a 2008 attack on RBS WorldPay's systems, which compromised the encryption used by the processor to protect customer data on payroll debit cards.
This allowed criminals to raise the limits on accounts before handing over 44 counterfeit payroll debit cards to a network of "cashers" who withdrew over $9 million in less than 12 hours from more than 2100 ATMs in at least 280 cities worldwide.
Coordinated ATM Heist Nets Thieves $13M - KrebsonSecurity