Simultaneous use of advance cash kiosks fools Citigroup’s account reconciliation system

Fourteen people have been arrested and are now on trial for allegedly organizing a bank robbery and stealing more than $1 million dollars from Citigroup.

The scam targeted a loophole Citigroup’s account security protocols handles electronic payments and took advantage of their cash advance kiosks. The group organized multiple nearly identical cash requests from the kiosks, each within 60 seconds of each other. The system interpreted these multiple requests as identical withdrawals and treated them as duplicates of only a single withdrawal. With this technique, they were able to multiply their actual withdrawal by fourteen while only drawing one of those payments from the actual account.

Using this method, the group was able to steal more than $1 million, one $10,000 transaction at a time. Keeping each withdrawal amount under $10,000 allowed them to avoid federal transaction reporting requirements. After they acquired the money, the group used the stolen cash to gamble at the local casinos.

It has been reported that the Citigroup loophole has now been closed.

Original article by Dan Goodin.
Read the full story here.