How R42m was stolen from Postbank

The well-planned and well-executed bank heist, which will leave Postbank’s shareholder, the government, R42m out of pocket, was reportedly carried out by a Nigerian syndicate.
This is according to a source within one of SA’s four banks.
This is not sheer speculation. The syndicate that carried out the theft over the New Year holidays had previously attempted to pull off the same crime on other, bigger banks in SA. In each case they were unable to penetrate the IT systems.
“They used exactly the same modus operandi. They just carried on trying at different banks until they found a hole,” the source says.
The heist, which was planned and executed over several months, required that hundreds of legal savings accounts be opened, each one with a debit card.
“Account holders need a SA ID. Either the ID is real, in which case the account holder has been paid to open the account, or the account was opened using fake IDs.”
The next step was to create a virtual branch. This was done by cloning the terminal of a teller in Rustenburg.
In other words the syndicate created a computer with the same user ID and password, and the same IP address as the teller’s computer on the Postbank network. The network recognised this clone as a legitimate terminal on its network.
Similarly the hackers gained access to the supervisor’s user ID and passwords and cloned this computer. The supervisor’s details were needed to approve transactions made by the “teller”.
These passwords would have been obtained from someone inside Postbank, either from the teller and supervisor or from IT security. “They would do this by bribing or threatening the people concerned.”
With the basics out of the way, the syndicate set about transferring money into each of the accounts. Postbank is correct when it says that none of the bank’s 4m clients were affected.
“The transfer into the account was simply a journal entry, the other half of the transaction – the debit from another account – was not completed,” says the source.
These entries could go untraced for weeks. “Banks have thousands of rands in unmatched funds sitting in suspense accounts. This is life in a world where one is processing millions of transactions a day.”
The final step in the preparation was to lift the daily withdrawal threshold on the debit cards. In SA the interbank transfer system does not limit the amount of money that a cardholder can withdraw from an ATM.
“So theoretically if an account holder from bank A has the authorisation to withdraw R50 000/day using their debit card, bank B’s ATM will proceed with the withdrawal.”
The fraudsters waited until the public holidays to carry out their crime. Several hundred mules fanned out across three provinces and withdrew “very large amounts” from ATMs over a three-day period. The next stage of the crime – laundering the estimated R42m back into the system – is arguably the most risky, the source adds.
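The two signals described above, a credit with no completed debit leg and a raised daily card limit on the same account, can be correlated before cash leaves an ATM. The following is an added example, not part of the original article or any bank's code; the record layout, account numbers, teller IDs and amounts are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (assumed layout, not from the article).
# Journal legs: (txn_id, account, side, amount_rand, teller_id)
JOURNAL = [
    ("T1001", "SAV-0001", "CR", 5000, "teller-17"),
    ("T1001", "SAV-0900", "DR", 5000, "teller-17"),   # balanced transfer
    ("T1002", "SAV-0417", "CR", 48000, "teller-17"),  # credit leg only
    ("T1003", "SAV-0418", "CR", 49500, "teller-17"),  # credit leg only
    ("T1004", "SAV-0002", "CR", 1200, "teller-03"),
    ("T1004", "SAV-0901", "DR", 1200, "teller-03"),   # balanced transfer
    ("T1005", "SAV-0555", "CR", 300, "teller-03"),    # unmatched, no limit change
]
# Card limit changes: (account, old_daily_limit_rand, new_daily_limit_rand)
LIMIT_CHANGES = [
    ("SAV-0417", 1000, 50000),
    ("SAV-0418", 1000, 50000),
    ("SAV-0001", 1000, 2000),
]

def unbalanced_transactions(journal):
    """Return {txn_id: net_rand} for entries whose credits and debits do not cancel."""
    net = defaultdict(int)
    for txn_id, _account, side, amount, _teller in journal:
        net[txn_id] += amount if side == "CR" else -amount
    return {txn_id: value for txn_id, value in net.items() if value != 0}

def high_risk_accounts(journal, limit_changes):
    """Credits from unbalanced entries that landed on accounts whose card limit was raised."""
    unbalanced = unbalanced_transactions(journal)
    raised = {account for account, old, new in limit_changes if new > old}
    return sorted(
        (account, txn_id, amount, teller)
        for txn_id, account, side, amount, teller in journal
        if txn_id in unbalanced and side == "CR" and account in raised
    )

if __name__ == "__main__":
    for account, txn_id, amount, teller in high_risk_accounts(JOURNAL, LIMIT_CHANGES):
        print(f"HOLD {account}: unmatched credit R{amount} ({txn_id}) by {teller}")
```

Run on a short cycle rather than left to a periodic suspense-account clean-up, a check like this surfaces the one-sided entries while the funds are still in the accounts.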
According to Lungile Lose, the SA Post Office’s executive for corporate affairs, the SA Post Office is working with the SAPS on the case. The Post Office, she says, could not divulge any information or confirm details at this stage.
However, Vish Naidoo, national spokesman for the SAPS, added that the Hawks, the commercial crimes unit of the SAPS and the National Intelligence Agency are not yet involved in the investigation. Brian Dube, the spokesman for the Department of State Security, confirmed that the NIA was available to lend support if required.
Bank fraud is rising dramatically, adds the source. However, most of this is confined to debit card and credit card fraud.
“What is notable is that this was not internet banking fraud – which is where everyone expects the fraud to come from. SA banks have huge security teams dedicated to protecting their networks. What these guys did was clone a branch. The holes should be easy to fix. It will keep the IT guys occupied for a week or so.”
Source: Moneyweb