Kerala Bank ATM fraud case: three persons apprehended

The police remain on the lookout for the involvement of more hands in the case. Officials involved in the investigation said the bank raised an alert after finding large sums of cash missing from its ATMs in some districts

Published - August 12, 2021 06:13 pm IST - THIRUVANANTHAPURAM

The Kerala Police have taken three persons into custody in connection with an ATM fraud that allegedly preyed into the “compromised cybersecurity system” of the Kerala Bank.

Three days after the recently formed scheduled State cooperative bank alerted the police of an ATM loot of at least ₹2.4 lakh, the Cyber Crime police nabbed two Kasaragod natives from Tirupur in Tamil Nadu late Wednesday and another from Kozhikode on Thursday. The police remained on the lookout for the involvement of more hands in the case, sources said.

Officials involved in the investigation said the bank raised an alert after finding large sums of cash missing from its ATMs in some districts, including Thiruvananthapuram and Kasaragod, on Monday. In Thiruvananthapuram, the fraud is suspected to have taken place from two ATMs, in East Fort and Nedumangad.

Software drawbacks

The gang is suspected to have exploited the failure of the Kerala Bank to evolve a common software for its banking network. Despite amalgamating the district cooperative banks in the State around two years ago, the bank continued to run on separate softwares in each district. This anomaly could have been factored in by the gang while hatching the conspiracy.

A senior police officer said ATMs usually relied on a switch application server to communicate with the core banking system to validate the user’s bank account details for a requested transaction.

In India, the National Payments Corporation of India (NPCI) facilitates the core banking operations of financial institutions, while its National Financial Switch (NFS) links ATM networks across the country. Normally, the ATM software accepts or declines transactions after receiving information from the NPCI through the switch application server. The NPCI, which serves to ensure that the user possessed the required balance in his account, also oversees the transfer of the withdrawn money from the user’s account to the bank that manages the ATM.

Home bank bypassed

However, in the Kerala Bank case, the fraudsters are believed to have used an ATM card issued by a bank account based in Uttar Pradesh to fool the Kerala Bank ATMs to spit out large amounts without notifying their home bank.

Investigators suspect that the perpetrators managed this by hacking the Kerala Bank’s software and intercepting the transaction request before it reached the NPCI system.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.