By Michael O'Boyle
MEXICO CITY (Reuters) - Thieves siphoned hundreds of millions of pesos out of Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money, two sources close to the government's investigation said.
Hackers sent hundreds of false orders to move amounts ranging from tens of thousands to hundreds of thousands of pesos from banks including Banorte, to fake accounts in other banks, the sources said, and accomplices then emptied the accounts in cash withdrawals in dozens of branch offices.
One source said the thieves transferred more than 300 million pesos ($15.4 million).
Daily newspaper El Financiero said about 400 million pesos had been stolen in the hack, citing an anonymous source.
It was not clear how much of the money transferred was later withdrawn in cash.
Some of the attempts to fraudulently transfer funds were blocked, the sources said.
Lorenza Martinez, head of Banxico's payment system, told Reuters on Friday that five institutions saw "unauthorized transfers."
Both she and the central bank stopped short of calling it a cyber attack.
Inter-bank transfers slowed in later April, feeding worries that Latin America's second biggest economy could be the latest victim in a global wave of cyber attacks.
Hackers may have had help inside bank branches, since such big cash withdrawals are uncommon, one source said.
"In terms of the security of the bank's offices, I think that is part of the analysis that each bank is doing," Martinez said.
Martinez said that the central bank's SPEI interbank transfer system was not compromised but that the problem had to do with software developed by institutions or third-party providers to connect to the payment system.
Many banks have migrated to an alternate, slower technology to connect to the payment system, she said.
A Banorte spokeswoman declined to answer questions from Reuters on Monday, and pointed to May 9 statement from the bank that said clients' deposits were not affected by the "incident."
Mexico's SPEI system is a domestic network similar to the SWIFT global messaging system that moves trillions of dollars each day. Hackers have used SWIFT connections to attack banks around the world.
The central bank also said that no clients had been affected so far. Martinez said that the transfers hit accounts of financial institutions in the central bank.