According to an indictment unsealed last week, the defendants stole the money by exploiting a gap - which required multiple withdrawals all within 60 seconds - in Citibank’s electronic transaction security protocols.
According to court documents, the alleged scheme worked as follows: defendant Ara Keshishyan recruited conspirators who were willing to open multiple Citibank checking accounts. He then supplied his co-defendants with “seed” money, which was deposited into the recently opened accounts.
After the money was deposited into the checking accounts, Keshishyan and his conspirators would travel to nearly a dozen casinos in California, Las Vegas and Laughlin, where they used cash advance kiosks at casinos to withdraw (all within 60 seconds) several times the amount of money deposited into the accounts.
Apparently, Citi's account reconciliation systems to treat identical, near-simultaneous withdrawals as duplicates of a single withdrawal from an individual Citi Checking account.
The indictment alleges that, after the cash was collected from the casino “cages,” Keshishyan would typically give conspirators their “cut”—and keep the remainder of the stolen funds—which were often used to gamble. The casinos frequently “comped” the conspirators with free rooms due to their extensive gambling activity. As part of the alleged scheme, the defendants were also careful to keep both their deposits and withdrawals under $10,000 in order to avoid federal transaction reporting requirements and conceal their fraud.
All of the defendants are charged with conspiracy to commit bank fraud and conspiracy to illegally structure financial transactions to avoid reporting requirements, which is punishable by up to five years in prison, and a $250,000 fine.
In addition, defendant Keshishyan is charged with 14 counts of bank fraud, each of which is punishable by up to 30 years in prison and a $1,000,000 fine. The indictment also alleges forfeiture in connection with the crimes charged.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.