Get the latest updates as we post them — right on your browser

. Last Updated: 07/27/2016

Arrest Nets 50 Fake ATM Cards

The fraud ring that has been preying on Moscow ATM users may still be very much in business.

A Swedish national arrested and charged in London last week for using 50 forged bank cards to try to withdraw cash from an ATM is connected to a Russian crime ring that stole data from Moscow ATMs, Visa International officials said Tuesday.

They said the data on the cards had been stolen from account holders who had used their bank cards in Moscow.

Krister Elsgern, 32, was charged in a local London court last Friday with conspiracy to defraud clearing banks, police spokeswoman Bernadette Ford said. Elsgern had been arrested the previous Tuesday, she added.

Indeed, if it had not been for a bit of dumb luck, as many as 50 more unwitting ATM customers could have been added to the list of over 200 victims who have had their bank accounts cleared out after using their cards in Moscow.

Visa officials said the arrest had been made by an off-duty police officer who happened to be standing in line behind Elsgern at an ATM machine in central London and noticed him inserting card after counterfeit card in the machine.

Such cards are easily distinguishable from genuine cards because they are white with no bank logos, said Tim Murphy, head of the risk department at the London headquarters of Visa International, a major card payments company.

Elsgern had been using cards made with information stolen from both Visa International cards and cards issued by Europay, the other major international card payments system.

Europay, which manages Mastercard's Cirrus and Maestro networks, declined to comment.

Soon after The Moscow Times first reported the existence of an ATM fraud ring in late October, officials from both Visa and Europay made statements to the effect that the fraud ring had been neutralized. Arrests had been made in other European capitals, both firms said at the time.

The first arrests, in which four Kazakh nationals were detained in Munich after attempting to use counterfeit cards at an ATM, were made in March. The four were recently convicted of organized credit card forgery and given jail sentences of up to 4 1/2 years.

Other arrests in the case were subsequently made in Stockholm and, more recently, in Paris and now London.

A criminal investigation has been opened in Moscow, but police here have been tight-lipped about their progress.

Even as the first ATM bandits begin their jail sentences, the organizers of the crime ring have still not been identified or arrested.

Europay officials have accused Union Card, which had processed 50 percent of all Russian bank card transactions, of involvement in the fraud. Visa has indirectly backed that accusation.

Union Card officials have admitted that their company's dealings had been investigated. After Europay cut off Union Card from its payment system, the Russian firm issued a statement denying that any security breaches had been found.

Neither Visa nor Europay has issued any explicit warnings for card holders wanting to use ATMs in Moscow.

Company officials have said customers should keep a close watch on their bank accounts. But there is no guarantee that banks will reimburse victims of automatic teller machine fraud.

As more facts about the fraud ring have come to light, a different picture of the Russian ATM network has emerged - one that contrasts sharply with the reassuring statements given earlier by international card companies and Russian banks that it is fundamentally secure.

At a Tuesday press conference in Moscow, Visa officials said the security of the local ATM network had been the number one issue at a recent meeting with Russian member banks.

Visa is implementing new procedures to insure the ATM system's security, Murphy said.

"The focus is on what type of encryption was used [by mem ber banks], how was it implemented, and was it implemented to international standards," he said. "Banks tend to over-rely on vendors of ATM equipment and software."

If such statements give a charitable characterization of the Russian ATM system's shortcomings, they also mark a shift away from previous assertions that cracking the encryption used to protect PIN codes entered at Russian ATMs is a theoretical impossibility.

Other sources familiar with the Russian ATM network have recently said - albeit anonymously - that the member banks that operate the system on behalf of international payments firms often use second-rate encryption technology because of cost considerations.

Visa and Europay have said they audit their member banks to make sure don't resort to such cost-cutting.

However, these audits are rare.

The payments companies rely primarily on the banks themselves to conduct internal security audits and report the results, Murphy said.

Evidently, this system has not proved adequate to insure the standards of the Russian ATM system.

Both Visa and Europay have said they are giving the Russian ATM system a thorough top-to-bottom check and will remedy any inadequacies.