1.1189929-2837726059
This image taken from the phone of a suspect shows Elvis Rafael Rodriguez and Emir Yasser Yeje in New York with cash allegedly defrauded from two Gulf banks earlier this year. Image Credit: Reuters

Dubai: When pre-paid RAKBank and the BankMuscatcredit card accounts were duped of $45 million (Dh165.5 million) in December and February by a gang of criminals using forged electronic cards, how it happened seemed pretty clear.

Criminals had hacked into two Indian credit card processing companies — Bengaluru-based ElectraCard Services, which is partially owned by MasterCard, and Pune-based Enstage.

The hackers increased the limits on the pre-paid cards and erased withdrawal limits. Using a $300 card copying machine available on the internet for $300, they simply used everything from hotel key cards to airline loyalty cards to encrypt the inflated financial details on the magnetic strips.

On a pre-arranged day in December, criminals loaded with the debit cards and PIN numbers, headed into city streets around the world, racing from one ATM to the next, often taking out the maximum the cash machine would allow in a single transaction: $800.

They worked for about 2.5 hours, reaping $5 million worldwide in about 4,500 transactions.

In February, the gang hit the ATMs for 10 hours straight, collecting $40 million in 36,000 transactions. The New York money runners made off with $2.8 million, according to an indictment against eight men. But the $2.8 million is a fraction of the total amount yielded by the heist.

So how do you turn $45 million in cash into legitimately laundered funds without raising the suspicion of financial regulators, banking oversight regulators and taxation officials?

The proceeds from RAKBank and BankMuscat — money that wasn’t blown on a frenzied spending spree of jewellery and drugs — was filtered through Liberty Reserve accounts, with the exchange taking a 1 per cent processing fee.

According to the indictment brought down in New York on Tuesday by US justice, law enforcement, tax and security officials, Liberty Reserve provided the means and opportunity for criminals to make their dirty money clean.

The digital currency company, unlike traditional banks or legitimate online payment processors, didn’t require users to validate their identity and allowed accounts to be opened under fictitious names such as “Russia Hackers” and “Hacker Account,” according to prosecutors.

An undercover agent was able to establish a Liberty Reserve account using the alias “Joe Bogus”, listing his address as “123 Fake Main Street” in “Completely Made Up City, New York,” said Manhattan US Attorney Preet Bharara.

The prosecution is believed to be the largest money-laundering case brought by the US.

Liberty Reserve, incorporated in Costa Rica in 2006, operated as “essentially a black-market bank,” Bharara said.

The company helped users launder illegal proceeds from crimes or transfer funds among associates, prosecutors said. Prosecutors said Liberty Reserve’s digital currency was used by people committing identity theft,,child pornography and narcotics trafficking — and credit card fraud and computer hacking, as was the case with the RAKBank and BankMuscat frauds.

Liberty Reserve had an estimated 1 million users around the world and conducted a total of about 55 million transactions - virtually all of them illegal — including 200,000 in the US. Investigators have found that criminal rings that used Liberty Reserve to distribute illicit proceeds operated from Vietnam, Nigeria, Hong Kong, China and America. “Its entire existence was based on a criminal business model,” Bharara said at the news conference.

Federal officials said the system enabled criminals to sell stolen credit card data and hacking software to one another — or transfer ill-gotten gains.

— With inputs from agencies