Man
Professional
- Messages
- 3,085
- Reaction score
- 623
- Points
- 113
In India, fraudsters were able to withdraw money from SBI bank ATMs for some time using a bug in the Timeout Error (the client did not take the money from the withdrawal after the allotted time, the system takes it back). Moreover, they did these operations secretly and without writing off the clients' accounts, which allowed the fraudsters to use this method until a problem with the ATMs was revealed during the bank's audit and the subsequent investigation into the theft of money.
According to the bank, the two fraudsters managed to obtain a total of Rs 2.52 lakh (Rs 252,000) in cash from an SBI ATM. They used multiple stolen or lost ATM cards to withdraw money repeatedly. The withdrawals were in small amounts and continued between June 2022 and July 2023.
After withdrawing cash, the fraudsters would typically leave one bill in the ATM's cash-out slot. This action would cause the ATM to register the transaction as incomplete. However, this situation would cause a Timeout Error in the ATM's algorithm, which would take the money back without checking that all the bills were there. Since the ATM would mark the transaction as incomplete, the money would not be debited from the account holders' balances. This trick ensured that there would be no complaints from customers, and the fraud would remain hidden for several months.
The scam was uncovered when the bank discovered minor discrepancies between the total amount of cash deposited into ATMs and the amounts withdrawn. The financial institution's banking committee initially investigated the irregularities but was unable to identify the problem. With no leads or evidence, even the bank's employees came under suspicion.
The breakthrough in the investigation came when the bank’s experts were reviewing CCTV footage from the ATMs. They found that the same individuals were frequently visiting certain ATMs using different stolen customer cards. The footage showed the suspects’ activities, including leaving a single note in the cash-in and cash-out slots. SBI has handed over the fraud to the police, who have registered a case under Sections 406 (criminal breach of trust) and 420 (cheating) of the Indian Penal Code. The police are still hunting for the scammers. No charges have been filed in the incident so far.
Following this incident, SBI strengthened the security of ATMs and rewrote the system's algorithm to prevent similar frauds in the future.
Source
