$55m ATM heist mastermind pleads guilty

$55m ATM heist mastermind pleads guilty

A Turkish man accused of masterminding a series of ATM cyberheists that netted his gang $55 million, has pleaded guilty in a New York court.

Ercan Findikoglu pleaded guilty in federal court in Brooklyn to five counts, including computer intrusion conspiracy, according to Reuters.

According to authorities, Findikoglu hacked the computer networks of at least three payment processors, sought out Visa and MasterCard prepaid cards and increased their account balances. He then allegedly managed a team that gave the stolen card data to teams of "cashing crews" around the world that carried out three coordinated raids of tens of thousands of ATM withdrawals.

The first cash-out affected cards issued by JPMorgan Chase and used by the American Red Cross and happened in February 2011, with $10 million taken in around 15,000 withdrawals in at least 18 countries. A second attack in December 2012 involving cards issued by National Bank of Ras Al-Khaimah took $5 million, while a third, in February 2013, saw the gang use Bank Muscat card data to steal $40 million in 36,000 withdrawals in 24 countries.

Findikoglu and other high-ranking gang members received the proceeds from other co-conspirators in various forms, including by wire transfer, electronic currency and the personal delivery of cash, it is alleged.

He was arrested in Germany in late 2013 and spent 18 months in jail there before being extradited last summer and initially pleading not guilty to 18 charges.

Comments: (2)

Hitesh Thakkar
Hitesh Thakkar - SME - Fintech startups (APAC and Africa) - India 02 March, 2016, 16:55Be the first to give this comment the thumbs up 0 likes

Why none of these processors able to put any control for Prepaid card issuance such as Keep card DEACTIVATED till it is issued to customer hopefully after Full or Partial KYC and Risk profiling??

How such bug numbers go totally unnoticed ??

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 03 March, 2016, 10:21Be the first to give this comment the thumbs up 0 likes

These heists were widely reported at the time, including by me:)

Why Is This Data Breach Different?

The annual US market for prepaid cards is $$$B. Even breakage on prepaid cards is believed to be a $$B market. Compared to that, $55M fraud loss is peanuts.

Mandating more and more security measures leads to more and more friction. That's usually a recipe for disaster - end of the day the purpose a business is to make revenues and profits, not prevent fraud. Smart businesses will never endanger a $$$B market by taking measures that may - or may not - prevent a $$M loss that won't even appear on the second decimal place of revenues. End of the day, any payments business involves the risk of fraud and, beyond a certain point,

Mitigating Fraud Does Not Pay The Bills 

It's not only me.

According to MasterCard / Javelin Research, overzealous security measures have killed 13X more revenues than the amount lost to fraud.