ATM heist clears $1 million exploiting Citigroup e-payment flaw
Federal authorities said they uncovered an advanced bank heist that defrauded Citigroup of more than $1 million by exploiting a security loophole in the way it handles electronic payments.
The scam worked by simultaneously withdrawing funds from cash advance kiosks maintained in at least 11 casinos located in California and Nevada, according to an indictment unsealed late last week in federal court in San Diego. Alleged ringleader Ara Keshishyan recruited at least 13 people to make transactions from different kiosks in each location. To exploit the weakness, the multiple advance requests had to be near identical and had to be made in the same 60-second window, FBI officials said in a press release.
"In order to obtain the case, the conspirators exploited a loophole in Citi's account security protocols, which caused Citi's account reconciliation systems to treat identical, near-simultaneous withdrawals as duplicates of a single withdrawal from an individual Citi Checking account," prosecutors alleged in the indictment.
