UK ATM cards' chips defeated with discount airfares

British ATM cards all come with RFID smartcard chips that are used to verify that the card hasn't been cloned. So British card-skimmers email the numbers to India, clone the cards there, and clean out their marks' bank accounts in Sri Lanka:

Under the direction of a computer-savvy crime boss, the thieves collected credit card numbers from an unscrupulous gas station attendant in London and uploaded the electronic information to the magnetic strips on the back of phone cards. Then they caught a flight to India.

Since the Indian ATMs only had single point verification, the gang was able to exploit the technology gap all across Tamil Nadu and netted a neat sum. They would have gotten away with it, too. The police didn't have a clue it was happening, and it was only when an unusually attentive security guard posted outside an ATM noticed a man withdrawing cash from multiple cards in succession that he was able to tip off the cops.

(via Schneier)

Update: Peter sez, "No emailing took place; the fake cards were made in the UK (apparently using phone cards), and then the thieves flew to India with the cards.

"The criminals are Sri Lankan, but the withdrawals all took place in India (Tamil Nadu is a state in southern India; since the criminals are Sri Lankan, I'd guess they're Sri Lankan Tamils, who could operate more easily in Tamil Nadu than could Sinhalese Sri Lankans)."
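
The pattern the security guard spotted by eye, several cards used in succession at one ATM, combined with chip cards being accepted on the magnetic stripe alone, can also be checked for in ATM logs. The following is an added example, not part of the original post or the quoted article; the log layout, field names, thresholds and sample rows are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ATM log rows (all values made up for illustration):
# (timestamp, atm_id, card_token, issuer_country, card_has_chip, entry_mode)
SAMPLE_LOG = [
    ("2024-01-10T21:02:10", "ATM-A", "card-01", "GB", True, "magstripe"),
    ("2024-01-10T21:03:05", "ATM-A", "card-02", "GB", True, "magstripe"),
    ("2024-01-10T21:04:40", "ATM-A", "card-03", "GB", True, "magstripe"),
    ("2024-01-10T21:30:00", "ATM-A", "card-04", "IN", False, "magstripe"),
    ("2024-01-10T21:05:00", "ATM-B", "card-05", "GB", True, "magstripe"),
    ("2024-01-10T23:50:00", "ATM-B", "card-06", "GB", True, "magstripe"),
    ("2024-01-10T21:06:00", "ATM-C", "card-07", "IN", False, "magstripe"),
    ("2024-01-10T21:07:00", "ATM-C", "card-07", "IN", False, "magstripe"),
]

def is_fallback(row, atm_country):
    """True for a foreign-issued chip card that was read by magnetic stripe only."""
    _, _, _, issuer, has_chip, mode = row
    return has_chip and mode == "magstripe" and issuer != atm_country

def flag_atms(log, atm_country="IN", window=timedelta(minutes=10), min_cards=3):
    """Return {atm_id: sorted card tokens} for ATMs where at least min_cards
    distinct fallback cards were used inside one sliding time window."""
    per_atm = defaultdict(list)
    for row in log:
        if is_fallback(row, atm_country):
            per_atm[row[1]].append((datetime.fromisoformat(row[0]), row[2]))
    alerts = {}
    for atm, events in per_atm.items():
        events.sort()  # chronological order within each ATM
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            cards = {card for _, card in events[start:end + 1]}
            if len(cards) >= min_cards:
                alerts.setdefault(atm, set()).update(cards)
    return {atm: sorted(cards) for atm, cards in alerts.items()}

if __name__ == "__main__":
    print(flag_atms(SAMPLE_LOG))
```
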