Gang steals over $1M by exploiting Citigroup e-payment flaw
Posted on 31 October 2012.
Fourteen individuals were charged following a FBI-led investigation into the theft of over $1 million from Citibank using cash advance kiosks at casinos located in Southern California and Nevada.


According to an indictment unsealed last week, the defendants stole the money by exploiting a gap - which required multiple withdrawals all within 60 seconds - in Citibank’s electronic transaction security protocols.

According to court documents, the alleged scheme worked as follows: defendant Ara Keshishyan recruited conspirators who were willing to open multiple Citibank checking accounts. He then supplied his co-defendants with “seed” money, which was deposited into the recently opened accounts.

After the money was deposited into the checking accounts, Keshishyan and his conspirators would travel to nearly a dozen casinos in California, Las Vegas and Laughlin, where they used cash advance kiosks at casinos to withdraw (all within 60 seconds) several times the amount of money deposited into the accounts.

Apparently, Citi's account reconciliation systems to treat identical, near-simultaneous withdrawals as duplicates of a single withdrawal from an individual Citi Checking account.

The indictment alleges that, after the cash was collected from the casino “cages,” Keshishyan would typically give conspirators their “cut”—and keep the remainder of the stolen funds—which were often used to gamble. The casinos frequently “comped” the conspirators with free rooms due to their extensive gambling activity. As part of the alleged scheme, the defendants were also careful to keep both their deposits and withdrawals under $10,000 in order to avoid federal transaction reporting requirements and conceal their fraud.

All of the defendants are charged with conspiracy to commit bank fraud and conspiracy to illegally structure financial transactions to avoid reporting requirements, which is punishable by up to five years in prison, and a $250,000 fine.

In addition, defendant Keshishyan is charged with 14 counts of bank fraud, each of which is punishable by up to 30 years in prison and a $1,000,000 fine. The indictment also alleges forfeiture in connection with the crimes charged.





Spotlight

How security analytics help identify and manage breaches

Posted on 30 July 2014.  |  Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //