A Federal Bureau of Investigation liaison information report exposed in the Blue Leaks hack of sensitive law-enforcement data last July warned the financial services sector about scammers using cardless banking apps to commit account takeover (ATO) fraud and launder money. This also causes new concerns for Anti-Money Laundering (AML) efforts. 

Authored last May, the report was authored by the FBI’s Criminal Investigative Division and its Office of the Private Sector. The FBI issued the report to “inform the financial services sector about criminals using ‘cardless’ automated teller machine (ATM) access code vulnerabilities to commit fraud and evade financial institution policy restrictions,” according to the document.

Citing three cases, the FBI report explains how cybercriminals have exploited “existing mobile device ID security vulnerabilities” in cardless ATM technology “to conduct account takeover and place illicit proceeds into the U.S. banking system.”