Gone In 60 Seconds: How Citibank Was Robbed Because of a Security Flaw



In 2012, Californian Ara Keshishyan crafted a scam that would rob Citibank of $1 million, simply by exploiting a security protocol used by the financial firm. He started by recruiting help, supplying his accomplices with seed money that was placed into recently opened bank accounts. Once the money was in the accounts, Keshishyan and the others traveled to various casinos in California and Nevada to complete the scam itself. Once inside the casinos, the conspirators used cash advance kiosks to withdraw several times the amount of money deposited into the accounts. This was done by exploiting a Citibank security gap they discovered. Once the cash was collected — all within 60 seconds — the crew took their cut and went gambling. In addition to the losses suffered by Citibank, the casinos provided the fraudsters with free rooms and drinks because of their lavish spending. While the crew kept the withdrawals below $10,000 in order to avoid red flags that would require federal transaction reporting, Citibank auditors noticed something was off and alerted the authorities. All 14 people were arrested and charged with conspiracy to commit bank fraud. It was around that time that the FBI announced its cybercrime division. Meanwhile, Citibank got busy shoring up its security protections to ensure that there was not a repeat of the fraud. The mastermind, Ara Keshishyan, was sentenced to 30 years in prison and fined $1 million, while the remaining 13 conspirators received 5 years in prison and $250,000 fines.