The city police have received four more complaints of fraudulent withdrawal from ATMs of a private bank, which had earlier reported similar fraud at three other ATMs.
Police sources said in all the cases the fraudsters had detached the ATMs from the bank’s server by setting up proxy servers before withdrawing the money.
“The fraud amounts to a tune of around Rs 2 crore. We want to clarify that the theft will not affect the account-holders or the bank. The company hired to refill the ATMs is bearing the immediate losses. The money is insured,” an officer at Lalbazar said on Monday.
The fresh complaints are related to ATMs in Phoolbagan, Bowbazar, Beniapukur and Behala. Earlier, the bank had complained about fraudulent withdrawals from ATMs in Cossipore, Jadavpur and New Market.
Sources said there could be at least two or three more incidents of fraudulent withdrawal.
The bank has not issued any statement on the ATM breach but an official who did not want to be named said: “An agency of global repute is in charge of maintaining and refilling the ATMs. They are fixing the issue. An additional layer of firewall and more secure communication between the machine and the ATM network is needed to prevent such breaches.”
A forensic team visited some of the affected ATMs on Monday to ascertain the modus operandi of the fraudsters. The team found that the fraudsters had removed the “hood” of the ATMs and inserted a device to create a proxy server that would give and receive commands from the machine.
“Once the device is installed and the bank’s server is disconnected from the ATM, any debit card can be used to withdraw money. The withdrawal amount will depend on the cash inside the machine and not the balance in the account to which the card is attached,” said an officer.
The police said “electronic evidence” suggested that the gang was in Calcutta for 10 to 20 days and attacked the ATMs where a breach had been detected earlier in the end-to-end encryption in the communication between the bank’s server and the machines. A similar ATM fraud had been reported from Faridabad a few weeks ago. Calcutta police are in touch with the Faridabad police.
Investigators at Lalbazar feel someone who had “complete technical knowledge” about ATMs was behind the thefts. In some of the ATMs, the fraudsters had swiped debit cards more than 60 times to withdraw the money. “We have been able to extract details of the debit cards used to withdraw the money but the cards have turned out to be fake,” an officer said.