Now I really believe those who claim there is more money in online fraud than there is in drug dealing. When I read about the WorldPay ATM exploit and got to the part where the caper was described as involving only 100 false cards that were used in 49 cities worldwide during a 30 minute window and the net was $9 million—my ensuing gasp startled everyone in an otherwise normal office. The details are worth reading because you realize at once that this was a master mastermind. The mules—the "cashers" who carried out the crime—were captured on surveillance videos and they made no attempt to go incognito in front of the cameras. So either they were doing someone a favor, or they were assured that the cameras were disabled, or they were told so little that they are going to be useless to prosecutors.

But I come back to the physicality of getting the counterfeit cards to 49 different geographic locations and into the hands of people who could nonchalantly saunter into a mom and pop grocery store, stand in front of a cash machine and make withdrawal, after withdrawal, after withdrawal. During the same 30 minute time frame! How did they do that? This crime may in the end prove to be low tech, compared to the highly organized effort that was necessary to distribute the points of attack and coordinate them to occur briefly, but simultaneously around the world.

According to the FBI, the ones behind this heist weren’t born overnight—they probably were proficient in ATM fraud of which there have been a few publicized cases. A sinister new wrinkle in ATM fraud, the credit limits of these WorldPay cards were disabled. You can bet if there is a trail that leads us to the gang responsible, they are probably hiding in a place where laws can’t leverage much. And I won't be surprised if we find that someone with inside knowledge of WorldPay's system helped pull this off.