Credit card theft is becoming a grave threat to the financial ecosystem, and the recent theft of JPY 1.4bn is a clear example of why credit cards are an insecure payment method. Hackers managed to clone several dozen credit cards and withdraw cash from Japanese convenience store ATMs.
Japan Convenience Store ATMs and Stolen Credit Cards
According to the information made available to the public at press time, it appears as if hackers managed to obtain a significant amount of credit card details through a South African bank breach. Although these details have not been confirmed at this time, the Japanese police will work with South African authorities to look into the theft of this data.
Hackers managed to obtain sensitive credit card information, including the data stored on the magnetic stripe, to clone cards and use them to make ATM withdrawals. What is even more strange is how these cards — allegedly obtained through the South African bank leak — were used to withdraw cash from ATMs located in Japanese convenience stores.
In total, 1.4 billion yen — or $12.7 million USD — has been withdrawn from over 1,400 ATMs located in convenience stores across Japan. It took the hackers a total of two hours to withdraw all of this money. However, given the scope of this operation, it is believed over 100 individuals were involved in this wave of ATM withdrawals.
All of these transactions took place on the morning of May 15 in Tokyo and 16 other prefectures across the country. Every transaction was made for 100,000 yen, which is the ATM transaction limit in convenience stores in Japan. Quick calculations show that this group of criminals had to make a total of nearly 14,000 different withdrawals to collect the amount of money. A total of seven bank ATMs were used for these transactions.
Preliminary investigation results indicate a total of 1,600 credit cards were used to withdraw the 1.4 billion yen. If there were over 100 people involved in this process, that means every thief had to use over a dozen different credit cards and make withdrawals for 100,000 yen each. Coordinating such an attempt is tough, yet it also goes to show how easy it is for criminals to withdraw massive amounts of cash through ATMs without immediately raising suspicion.
Moreover, this also shows how insecure credit cards are, and why storage solutions for this sensitive data are direly needed. It remains unclear as to whether or not hackers managed to obtain the credit card details through breaching a South African bank’s database. What is clear, however, is that banks are facing a lot of attacks as of late, and present very few answers to upgrade their cybersecurity protocols.
Events like these will not transpire in the world of Bitcoin and cryptocurrency, as there is no centralized database collecting sensitive payment information. Bitcoin users control the private key required to spend funds, and transaction logs do not contain this confidential information. In the end, Bitcoin is a far more secure payment solution than credit cards, and the blockchain is far more secure than database solutions used by banks.
What are your thoughts on this credit card theft? How long will it take for affected customers to get their money back? Let us know in the comments below!
Images courtesy of Shutterstock, Kate Colored Glasses.