I worked in IT at a major local bank "many moons" ago. How this was pulled off is by copying the mag strip data off of the card as Krebs mentioned in the article. Well, mitigations were developed for this at that time. Also, I would think that most bank ATM's now only use the Smart chip on the debit card versus the mag strip. I guess there are still some small retailer located ATMs that aren't Smart chip enabled. But these in the U.S. at least are in the distinct minority.
The article has been updated: Related: India's Cosmos bank raided for $13m by hackers August 15, 2018 https://www.theregister.co.uk/2018/08/15/cosmos_bank_raided/
For starters, India's banking system has had security issues for some time. Per the targeted bank: http://www.dnaindia.com/india/report-hackers-swindle-rs-94-crore-from-pune-s-cosmos-bank-2649650 I strongly suspect the phony debit cards were linked to corporate settlement accounts. Why these accounts would be accessible via the ATM network is the security $64,000 question. What the hackers did was instead of transferring money to a legit settlement account, they initiated a SWIFT transaction to route the money to their foreign accounts. As is true in many of these heists, appear the hackers also had inside knowledge of the targeted bank operations.
Pune cyber attack: Police recover Rs 10 crore from bank in Hong Kong August 24, 2019 https://indianexpress.com/article/c...r-rs-10-crore-from-bank-in-hong-kong-5932673/