- Joined
- May 15, 2016
- Messages
- 5,154
- Likes
- 2,576
- Points
- 1,730
In India, fraudsters were able to withdraw money from SBI bank ATMs for some time using a bug in the Timeout Error (the client did not withdraw the money from the withdrawal after the allotted time, the system takes it back). Moreover, they did these operations secretly and without writing off the clients' accounts, which allowed the fraudsters to use this method until a problem with the ATMs was revealed during an audit of the bank and the subsequent investigation into the theft of money.
According to the bank's explanation, two fraudsters were able to get a total of 2.52 lakh rupees (252 thousand rupees) in cash from an SBI ATM. They used several stolen or lost ATM cards to withdraw money repeatedly. The withdrawals were made in small amounts and continued between June 2022 and July 2023.
After withdrawing cash, the fraudsters usually left one note in the cash withdrawal slot of the ATM. This action caused the ATM to register the transaction as incomplete. However, this situation caused a Timeout Error in the ATM algorithm, which took the money back without checking that all the bills were there. Since the ATM marked the transaction as incomplete, the money was not debited from the account holders' balances. This trick ensured that there were no complaints from customers, and the fraud remained hidden for several months.
The scam was uncovered when the bank discovered minor discrepancies between the total amount of cash deposited into the ATMs and the amounts withdrawn. Initially, the bank's banking committee investigated the violations, but was unable to identify the problem. In the absence of leads or evidence, even the bank's employees came under suspicion.
A breakthrough in the investigation occurred when bank specialists reviewed CCTV footage from the ATMs. They discovered that the same people often visited certain ATMs using different stolen customer cards. The footage captured the suspects' actions, including leaving a single note in the cash-in/cash-out slot. SBI has forwarded the fraud to the police, who have registered a case under sections 406 (criminal breach of trust) and 420 (cheating) of the Indian Penal Code. The police are still searching for the fraudsters. No charges have been filed in this incident so far.
Following this incident, SBI has beefed up ATM security and rewritten the system's algorithm to prevent similar frauds in the future.
According to the bank's explanation, two fraudsters were able to get a total of 2.52 lakh rupees (252 thousand rupees) in cash from an SBI ATM. They used several stolen or lost ATM cards to withdraw money repeatedly. The withdrawals were made in small amounts and continued between June 2022 and July 2023.
After withdrawing cash, the fraudsters usually left one note in the cash withdrawal slot of the ATM. This action caused the ATM to register the transaction as incomplete. However, this situation caused a Timeout Error in the ATM algorithm, which took the money back without checking that all the bills were there. Since the ATM marked the transaction as incomplete, the money was not debited from the account holders' balances. This trick ensured that there were no complaints from customers, and the fraud remained hidden for several months.
The scam was uncovered when the bank discovered minor discrepancies between the total amount of cash deposited into the ATMs and the amounts withdrawn. Initially, the bank's banking committee investigated the violations, but was unable to identify the problem. In the absence of leads or evidence, even the bank's employees came under suspicion.
A breakthrough in the investigation occurred when bank specialists reviewed CCTV footage from the ATMs. They discovered that the same people often visited certain ATMs using different stolen customer cards. The footage captured the suspects' actions, including leaving a single note in the cash-in/cash-out slot. SBI has forwarded the fraud to the police, who have registered a case under sections 406 (criminal breach of trust) and 420 (cheating) of the Indian Penal Code. The police are still searching for the fraudsters. No charges have been filed in this incident so far.
Following this incident, SBI has beefed up ATM security and rewritten the system's algorithm to prevent similar frauds in the future.