Three employees of Russia's Sberbank used an unusual method to defraud the bank of more than $300,000 this fall. They placed their own bill acceptor into the ATM they were charged with maintaining and, using just one bill, transferred random amounts of money to fictitious accounts, which they later tapped for the funds.
The employees later deleted all information about the transaction permissions they had as service cardholders. The fraud was only detected when a deficit was noted by bank staff at the ATM used in the scam, said a posting by the State Russian Interior Ministry in the Irkutsk Region.
The theft was attributed to insufficient software protection making it possible for people to continue to work in the bank while stealing from it, the post said.
Such a crime should never have been possible to carry out, said Stanislav Shevchenko, technical director from Russian ATM security solutions developer SafenSoft. "Activity monitoring and logging is very important part of the ATM software security solution that allows the detailed investigation to be made," he said.
Shevchenko said that even if a crook got full access to a device, if proper monitoring solutions has been in place, their programming would know if someone should disable file system protection. "It will be shown in log on the server managing the ATM system," Shevchenko said.
"In fact, even if this particular report about protection disabling or data access attempt somehow gets deleted from the database, missing lines in the reports will still give one a hint that something is going on. To prevent crimes like this one more resources should be allocated to monitoring the actions of people with high level of access to the device."
For more on this topic, visit the security research center.