A number of 14 individuals have been charged on suspicion of stealing over $1 million (800,000 EUR) from Citibank by exploiting a vulnerability in the bank’s electronic transaction security protocols. 13 of the suspects were arrested last week by law enforcement authorities.
In order to steal all the money from cash advance kiosks placed at casinos located in Nevada and Southern California, the thieves leveraged a flaw which allowed them to make multiple withdrawals within a 60 second timeframe.
The mastermind of the scheme, 29-year-old Ara Keshishyan, recruited the other suspects and had them open multiple Citibank checking accounts in which they deposited “seed” money.
Then, they visited various casinos and leveraged the security hole to withdraw the amount of money deposited into the accounts several times within the 60 second period.
In order to avoid raising any suspicion, the deposits and withdrawals were kept under $10,000 (8,000 EUR). This way they were able to bypass federal transaction reporting requirements.
The suspects have been charged with conspiracy to commit bank fraud and conspiracy to illegally structure financial transactions to avoid reporting payments.
The mastermind of the scheme is also charged with 14 counts of bank fraud and, if found guilty, he could spend the rest of his life behind bars, considering that each count of bank fraud is punishable by up to 30 years in prison.
“While advancements in technology have created a world of accessibility to users and a convenience for consumers, they have also left room for criminals to exploit even the smallest of loopholes,” FBI Special Agent in Charge Daphne Hearn said.
“For over 100 years the FBI has kept pace with technological and communication changes in the business world where these types of electronic transactions are the standard and we will continue to do so in order to help protect commercial enterprise and our nation’s economy.”