Best in retail means prime convenience, extensive stock and abysmal security.
Last Sunday morning, a group of unidentified criminals went on a three-hour, no holds barred shopping-spree where they stole from a number of 7-Eleven convenience stores across Japan. The stolen money amounts to a whopping(take a deep breath), 1.4 billion yen($13 million). You can’t even steal half that amount in the final bank-robbery mission of GTA. Grand Theft Lotto indeed.
No AK-47, no bazooka, not even a paint gun was used during what is turning out to be one of the most efficient and high-scaled burglaries of Interpol’s Spring/Summer Most Wanted collection. Like in all cases of multi-million dollar “misplacements”, this theft occurred as a result of criminals tapping into a security loophole in the realms of finance, more specifically, international cash withdrawal via automatic teller machines (ATM). The un-apprehended criminals used counterfeit Standard Bank credit cards made using harvested bank data in order to withdraw cash from ATMs installed at 7-Eleven convenience stores.
Japan’s 7-Eleven stores are owned and operated by Seven Bank, whose ATMs are one of only two local banks that accept foreign credit cards for cash withdrawals. Though a lot less stylish than robbing a bank with guns blazing, these criminals ironically took a hint from 7-Eleven’s motto of “quick-in, quick-out” by simultaneously withdrawing from 7-Eleven ATMs in 16 Japanese prefectures(equivalent to US states) and disappearing before anyone could yell out “GODZILLA”. It was actually South Africa’s Standard Bank that reported that it had suffered the brunt of the heist, reporting its total losses at 300 million rand($19 million).
The criminals’ strategic selection of Japan as the basis of their heist reveals a crucial loophole in international consumer banking. Japan is considered a financially low-risk nation based on its low crime rates, high income and the fact that most of its banks do not accept foreign cards in their ATMs. Also, given its geographic isolation and quick-to-response judicial system, Japan has been relatively ignored my criminal syndicates and cybercrime associations. Thus, Standard Bank’s fraud analytics software was unable to detect the unusual activity that occurred at the same time across multiple locations throughout Japan. The robbery occurred undetected, probably dismissed as an angry shopping spree by the Real-Housewives of Roppongi.
The criminals are suspected to have harvested the credit card data by skimming foreign-issued magnetic strip cards; the fact that Japan hasn’t fully replaced magnetic strip card technology with the newer and more secure “chip and pin” system diminished the chances for team 7-Sloven to react promptly. Dan Kelly, a cybersecurity researcher at Dragon Threat Labs remarked on the blinding tactics of the criminals, saying that “the use of loopholes in the bank’s procedures makes sense, but trying to rustle up a mule network in one country without making too much noise can’t be easy.”
It’s important to note that the criminals, who managed a total 14,000 transactions during their Slurpy-Sunday burglary, are still at large. Though theft cannot be condoned, their niche strategy, execution and disappearance will remain at the annals of to-be-made-Hollywood thefts. There is however, one explanation to this Ocean’s 7-Eleven story. Ninjas.