Professional Documents
Culture Documents
Table of Contents
Definition of ATM Crime ! Scam/Crime 1 ! Scam/Crime 2 ! Scam/Crime 3 ! Scam/Crime 4 ! Scam/Crime 5 ! Scam/Crime 6 Slide 3 Skimming Slide 4-14 Card Trapping Slide 15-21 Card Swapping Slide 22 Distraction Thefts at ATMs Slide 23 Cash Trapping Slide 24 Robbery & muggings at ATMs Slide 25 Attacks against cardholders Slide 25 Cash in Transit attacks Slide 26 Illegal Diversions at ATMs Slide 27 ATM Burglaries Slide 28 Ram Raids Slide 29-30 ATM Vandalism Slide 31 Fake ATMs & Dummy Overlays Slide 32-33 ATM Crypto Attack Slide 34 ATM Cyber Attack Slide 35 Transaction Reversal Fraud Slide 36 Card & PIN Phishing Slide 37 Slide 38
! ! ! ! ! ! ! ! !
Acknowledgments
Scam/Crime 1 - Skimming
!
Definition Illegal copying of a bank cards security and identification data via a card reading device, coupled with PIN misappropriation via shoulder surfing, miniature camera, electronic recording or long-range surveillance methods. The cardholders information is then transferred onto another card, often a piece of virgin white plastic or other readily available plastic i.e. mobile phone top-up cards or supermarket loyalty cards. The counterfeit card is then used, in conjunction with the corresponding PIN, to withdraw funds at ATMs, usually where there is no CCTV. Major Types Hand-held skimmers; ATM overlays; false card readers; modified POS devices GASA Security Tips
Hourly checking of ATM interface; install skimming device detectors; cardholder security education on PIN protection; surveillance; defensible space and/or ATM mirror to prevent shoulder surfing; CCTV to capture images of fraudsters, especially out of office hours when these crimes mostly take place.
FALSE slot Fixed to the original card slot. (Same color and sticker ). Contains additional card reader to copy your card information ..and duplicate your card
Scam/Crime 1 - Skimming
!
A New Variation on the Skimming Theme Fraudsters are posing as bank employees at ATMs and informing clients that the latest bank procedure is for them to swipe their cards through a card reader. The skimming device used by fraudsters is either attached to the ATM or held by hand. The bank employee, dressed in a bank uniform, then tricks the customer into revealing his/her PIN.
Scam/Crime 1 - Skimming
!
Another Variation on the Skimming Theme Fraudsters have been known to use standalone skimmers on a presentation board posing as a card cleaner, tricking cardholders into being skimmed.
Scam/Crime 1 - Skimming
False pamphlet box affixed to the ATM cubicle side
The micro camera at the side can view the KEYPAD and also the monitor to send wireless picture up to 200metres.
Scam/Crime 1 - Skimming
Inside the pamphlet box
Camera positioned at correct angle to view keypad and monitor Camera Battery; Transmission Antenna
Scam/Crime 1 - Skimming
Note that false card readers can be installed in lightening criminal operations for short periods from 15-20 minutes, in order to avoid detection, during which time several cards can be compromised. This kind of threat necessitates very regular checking of the ATM interface by trained staff and also reinforces the need for proper placement of ATMs in well-lit, prominent spots.
10
11
12
Definition Here false skimming devices are attached to the entry points of a bank lobby door to illegally copy information encoded on the bank cards magnetic stripe. The skimmer could either be placed inside the door entry device or placed above or below it so that the customers card will be swiped. Fraudsters remove the door entry device, strip the insides and replace them with their own skimming equipment. PINs can then be obtained by shoulder surfing or through micro-cameras or as a result of Good Samaritan deception tactics.
GASA Security Tips Hourly checking of lobby access point; install skimming device detectors; cardholder security education; surveillance; replacement of swipe mechanism with push-button activation.
13
14
Definition
The theft of a customers card through tampering with the card reader to ensure the card remains stuck inside the card slot and cannot be returned to the customer after it has been inserted. In this scam, the ATM will not register that a card has been entered, so the screen does not change or request the person to enter his PIN. This crime involves affixing a device to the card reader/slot, typically a loop of material or plastic V fitted to a false card slot and then placed over or into the genuine card reader. Once the card is trapped the fraudster poses as a fellow customer and Good Samaritan and offers assistance, advising the customer to enter their PIN to release the card. This does not release the card and only serves as a way for the fraudster to observe the PIN. [Dip" or "swipe" card readers are not susceptible to this type of scam because the card never fully enters the ATM on those particular models.] The customer believes the card has been retained and leaves the ATM. Fraudsters then remove the device and card and subsequently use the card fraudulently, often before the cardholder has reported the incident.
Types
Fuse wire Lebanese Loop Water bottle Algerian V VHS tape Romanian Loop Tape measure Builders Loop
15
16
Back View
Card Insertion
Entry Flap
Bank Card
Not To Scale
Not To Scale
17
This fraudster is rigging the card reader to capture the card of the next person who uses the machine.
18
Here the fraudster pretends to render assistance. What he is in fact trying to do is obtain the customers PIN now that he has captured the card.
19
He convinces the customer that he would be able to retrieve his card if he entered his PIN while he holds down both the cancel and the enter buttons.
20
A thin plastic sleeve is inserted into the card reader to trap the card AND to prevent the ATM from reading the magnetic stripe data. The ATM repeatedly asks the customer to enter his PIN number. The fraudster observes the customers PIN being tapped in. When the victim leaves, thinking the ATM has swallowed his card, the thief removes both the plastic sleeve and the card.
21
Definition
This is a card theft trick whereby a fraudster poses at an ATM as a Good Samaritan after forcing the ATM to malfunction and then uses a sleight of hand to substitute the customers card with an old bank card, observing the customer entering his PIN (which of course does not work for the old card). The malfunction may involve freezing the ATM by entering a specific sequence of zeros on the keypad (this method of operation can only be performed on certain machines). The ATM does not switch off or show any obvious sign of being tampered with. The victim tries to insert his card in the reader, the ATM reader slot will not properly open so the card will not go all the way in. The thief comes along and offers his assistance by pretending to push the victims card into the slot. While doing so, he either swaps the card or steals it. A further twist can occur when the fraudster offers to call the banks card loss division for the customer, either to obtain the PIN number if that has not already been achieved OR to delay the reporting of the problem by the customer to but time for more fraudulent withdrawals. Once the card has been swapped, the thief offers to call the banks card loss division to cancel the card on the victims behalf, using his cell phone. At the other end of the phone is a member of the syndicate.
!
Customer education, customer education and customer education! In addition, surveillance and checking the interface of the ATM regularly.
22
Definition Methods of stealing at, or in the vicinity of, ATMs, varying from pickpocketing to some types of card swapping , which involve breaking the concentration of the customer in order to carry out the crime undetected by the victim. Typically a victim is observed withdrawing large sums of cash from either the ATM or over the branch counter. The fraudsters wait for them to leave and approach them in the street by squirting a substance over them. Then they pose as well meaning passers-by offering to wipe the mess from the victims clothing whilst pick pocketing them at the same time. Fraudsters often operate in groups so that one of them can distract the customer while someone else swaps or swipes the card.
GASA Security Tip Customer education programmes should warn customers never to accept help from strangers at ATMs. Customers should be vigilant and aware of their surroundings at all times especially when leaving the premises.
23
Definition The illegal interference with the ATMs cash dispensing function so that the cash will be trapped and later stolen after the victim has departed from the ATM. This tampering is targeted at ATMs using the spray cash dispensing method the obstruction inserted by the fraudster prevents the notes from being dispensed into the cash tray. Cash trapping can take place at any type of machine.
GASA Security Tip Hourly checking of all cash machines for any signs of tampering.
24
Definition The use of force to steal cash from a customer using an ATM. Most robberies at ATMs are committed by a lone offender, using a weapon, against a lone victim, usually at night (with the highest risk between midnight and 4 am), after a cash withdrawal. Police estimate about 15% of victims are injured during the robbery. Forced ATM withdrawals occur when criminals take cardholders against their will to an ATM and force them to withdraw cash, sometimes at gunpoint. Forced withdrawals typically do not originate at the ATM but tend to form part of a sequence of multiple crimes like home invasions, abductions and assaults.
GASA Security Tip High rates of street robbery, including ATM robbery, are likely to coincide with crack cocaine or other drug markets; industry should work with police to root out local drug territories; customer education programmes should stress that customers should avoid poorly lit and isolated ATMs, especially during the middle of the night.
25
Definition Inside Premises attacks Take place when the cash carrier is replenishing cash within the premises where the ATM is located. Typically, a gang enters the ATM area prior to arrival of the crew and lays an ambush. Weapons and extreme violence may be used. The cash carrier is forced to handover the cash. Cross Pavement attacks Various modus operandi are employed, the most common of which is to attack the cash carrier after the cash cassettes have been removed from the Armoured Vehicle for delivery to the ATM in order to snatch the cassettes. Weapons and extreme violence may be used.
GASA Security Tip GASA has produced a security best practice manual for ATM cash replenishment which should be consulted by all cash carriers.
26
Definition The use of false out of order notices and other diversionary signs intended to channel customers to ATMs situated in quieter, less secure spots, where a variety of ATM crimes can occur, such as skimming, robbery, cash trapping, etc See also ATM Vandalism (Scam/Crime 10) as a possible diversionary tactic.
GASA Security Tip Customer education programmes should stress that customers need to steer clear of ATMs which are isolated or perceived as poorly lit.
27
Definition
The use of force, usually involving technology like angle grinders, blow torches, and explosives to break into the inside of an ATM on site in order to steal the cash stored in the machine.
!
Physical protective measures like alarms, CCTV, security guards, smoke and dye systems may be employed. For convenience ATMs, merchant fill models whereby merchants remove cash from the ATM as they would from the till after closing, leaving the ATM open and providing a notice to indicate there is no money in the ATM, can provide a low-cost deterrent to burglaries by taking away the criminal reward and target for the crime.
28
Definition Ram raids often take place in the early hours of the morning in areas where police times might be slower than normal. Externally sited ATMs Highly organised activity often involving the use of 3 vehicles and industrial equipment. ATM surround is chiselled out and an industrial wire is placed around the machine. Transit van is reversed towards the ATM, wire is fed through the back and front of (windscreens removed) and attached to a tow bar on a 4x4. The 4x4 pulls away and drags the ATM whole into the rear of the van. Internally sited ATMs Free-standing ATM is lassoed, lasso is then tied to a vehicle which pulls away and removes the ATM away from anchoring. ATM stolen whole. Cash later removed from cassettes away from premises. Cash is then removed from the scene to avoid detection by tracking device.
GASA Security Tip Physical protective measures like bollards, anti-lasso devices, alarms, CCTV, security guards, smoke and dye systems may be employed. Merchant fill models whereby merchants remove cash from the ATM as they would from the till after closing, leaving the ATM open and providing a notice to indicate there is no money in the ATM, can provide a low-cost deterrent to ram raids by taking away the criminal reward and target for the crime.
29
30
Customer education programmes should stress that customers need to steer clear of ATMs which are isolated or perceived as poorly lit.
31
Definition
Bogus ATMs, some of which can dispense cash, installed in non-bank premises for short periods of time to capture cards and record PINs. Dummy covers can be placed over part or all of the ATM interface which can trap cash or cards or both. False PIN pads can be used to record customer PINs, often in conjunction with skimming devices.
!
We recommend hourly checking of the ATM interface in addition to cardholder security education.
32
Definition
PIN data encrypted in messages from the ATM to the Acquiring Host are compromised using Cryptographic analysis techniques. The compromised data is processed and relayed and new counterfeit cards are created for use with the genuine but compromised PIN.
34
Definition
When an ATM system is deliberately disrupted, damaged or compromised through unauthorised cyber penetration, including through hacking, viruses, Trojans or worms. The aim could be to destroy or obtain data or to undermine trust in the ATM and in financial networks in general.
!
GASA has produced a General Cyber Security Manual and an ATM Cyber Security Manual for ATMs with Windows XP operating systems, as well as a white paper on a Continuous Cyber Security Process (CCSP).
35
Definition This scam may fall under legitimate cardholder ATM crimes that is, when a cardholder defrauds his/her bank through misuse of his/her legitimate ATM card and/or the ATM system. Transaction reversal fraud involves tricking the ATM into not debiting some of the cash that has been taken or manipulating the ATM to pay more than the balance available on the account. Type 1. A manipulation device (clips / fingers) placed within the cash dispenser slot to interfere with the transit of cash from the cassette to the dispenser. Transaction undertaken, funds issued and removed by fraudster, however the interference in the dispenser prevents the ATM from completing the cycle, ATM assumes the money is purged and not dispensed to customer. Activity often involves stolen card/PIN. Type 2. Transaction undertaken and notes dispensed. Some of the notes are carefully removed. ATM times-out and notes that remain are retracted into the purge bin. ATM unable to count the number of notes retracted and assumes the transaction hasnt completed and the notes havent been dispensed and the customers account is not debited.
GASA Security Tip Reassess the cash dispensing functionality and system to prevent manipulation.
36
Definition
Fastest growing ATM card fraud loss type in US is Phishing fraud. International Problem criminals target financial institutions in multiple countries and moving to smaller sized financial institutions. Criminals organizations are based in the US, Russia, Former Eastern Bloc and Asia. ATM fraud identified in Romania, Russia, UK, Vietnam, Spain, US, Turkey, China, Mexico, Columbia, Germany, Canada and Kenya. Email and Trojan attacks are merging and becoming much more sophisticated.
Acknowledgments
" APACS online Cash Machine Crime Directory & Picture Gallery " Martin Lewis, Chairman, ATM Crime Group, APACS " Fair Isaac " GASA " SABRIC " EAST (European ATM Security Team) " Banking Ombudsman, SA " Alan Townsend, Crime Prevention Co-ordinator, Flying Squad " Graham McKay, ATMIA
38