TikTok ATM Scam
Finextra — According to the New York Times, a rash of huge withdrawals was made possible by a fault with cards used to pay young people as part of a youth jobs programme. The programme issued as many as 30,000 cards to 14-to 24-year-olds because they could not be paid via direct debit.
The cards were only supposed to enable users to access their weekly earnings. However, from 11 to 13 July, cardholders were able to withdraw huge sums; as much as $40,000 per ATM in $200 at a time, according to the Times.
The glitch went viral on TikTok and Instagram and some users sold their cards for $1000 each. As the news spread, $17 million was withdrawn across the city before the cards were deactivated.
Pymmnts.com — A recent scam promoted on TikTok led to the theft of $17 million from New York ATMs in less than three days. Criminals exploited payment cards issued to around 30,000 unbanked youth participants (ages 14–24) in the city’s Summer Youth Employment Program (SYEP). The cards, which were supposed to limit withdrawals to participants’ modest earnings, were manipulated to enable unauthorized cash-outs ranging from $10,000 to $43,000 per ATM.
This illicit activity started on July 11 and was stopped by the morning of July 14 after ATM operators noticed irregular cash withdrawal patterns and alerted authorities. The scam was fueled by TikTok videos encouraging users to abuse the system, with some compromised cards sold for $1,000 each.
The exact method of the breach and the main perpetrators remain unclear. The city claims taxpayer funds were not directly lost, but who ultimately bears responsibility for the stolen $17 million is still under investigation. Many victims were first-time jobholders with limited banking experience, targeted by organized criminal groups. As a result, both the network operators and program administrators are reviewing security procedures and controls around youth- and government-issued cards to prevent similar incidents in the future1.
Excerpt Comment
“Many ATM networks still rely on legacy hardware and software that may not support the latest security features or compliance standards. As technology advances, these outdated systems become more vulnerable to cyberattacks, malware and operational failures.