ATM skimming alone is responsible for $350,000 of fraud daily exceeding a billion dollars in losses annually.
A recent news report of a skimming scam in Long Island, N.Y., netted thieves more than $200,000 from ATMs at five branches.
Skimming today is far more sophisticated than in the past. Skimmers can include blue tooth and texting technology that send the data to the criminal anywhere. Keypads can be compromised by devices that overlay the exiting pad and transfer the data remotely.
ATM scams and fraud go beyond skimming to crimes that are very physical such as ram raiding to remote malicious software hacks.
During the Black Hat conference a hacker demonstrated how he forced three ATMs to dispense funds by exploiting the machines’ weaknesses in the computers that operate the ATMs. He purchased machines online and discovered that the physical keys were the same for all ATMs of that type made by that manufacturer. He used the keys to unlock a compartment of the ATM that had standard USB slots. He then inserted a program he wrote for one of the machines, commanding it to dispense all of its vault cash.
Bankinfosecurity.com published “7 Growing Threats to Financial Institutions”.
#1 Skimming; Hardware readily available online that is attached to the face of ATM records user card information and pin codes. In this case you may still be able to perform a transaction.
#2 Ghost ATMs; A card reader is blocked off and replaced with hardware that supersedes the machine and records all your data without allowing a transaction. The machine reads “Can’t complete transaction”.
#3 Dummy ATMs; In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read data. The machine might be powered by car batteries or plugged in the nearest outlet.
#4 Ram Raids; ATMs built into a wall or stand alone are being rammed by a truck and/or wrapped with chain and pulled out then loaded onto a truck. Once removed the thieves blow torch the machine taking the cash. This is a hot topic in Mexican banks, buy certainly happens everywhere. A bank would be smart to install battery backed GPS in any machine.
#5 PIN ID’s; Sophisticated criminal hackers break into a database or skim magnetic strips. They then go to an online banking site with a hacking software that plugs in various well known PINs. These PINs might be consecutive numbers, people names, pet names, birthdates, or other various simple pass phrases people use. When it finds a match it gives the criminal access to your account.
#6 Automated PIN Changes; Criminals go through the banks telephone banking system to change the customers PIN. They may try to change the customers ANI (Automatic Number Identification) is a system utilized by telephone companies to identify the DN (Directory Number) of a caller. This might be accomplished via “Caller ID Spoofing”. They use publicly available data on the card holder such as name, card account number and last four digits of the social security number to “verify” them as the banks customer.
#7 SMS Attacks; AKA Smishing or Phexting – phish texting. Customers receive a text from a bank on their Smartphone requesting login information.
#8 Malware or Malicious Software; Researchers found a virus that specifically infects ATMs and takes over the machine logging card numbers and pins.
To help combat ATM skimming, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models.
ADT’s Anti-Skim Solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.
How to protect yourself from ATM skimming;
- First and foremost; Pay attention to your statements every two weeks. Refute unauthorized transactions within a 30-60 day time frame.
- Pay close attention to everything you do at an ATM. Look for “red flags”, anything out of place, your card sticks, odd looking configurations on the ATM, wires, two sided tape.
- Use strong PINs, uppercase lower case, alpha and numeric online and when possible at an ATM and for telephone banking.
- Don’t reply to phishing or phexting emails. Just hit delete.
- Don’t just use “any” ATM. Choose ATMs at locations that are “more secure” than in the middle of nowhere. Do not drop your guard if the ATM is at a bank branch.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- ATM Fraud Increases Identity Theft Risk
Robert Siciliano Identity Theft Expert A spate of recent news reports highlight growing ATM fraud. Law enforcement in New York City reported a gang had stolen $500,000 from bank accounts via ATM skimming. They installed cameras and skimming devices on the machines, and recorded the magnetic strips and the PIN numbers. A recent survey points towards ATM
- Secret Service: ATM Card Skimming Five Times Higher This Year
Identity Theft Expert Robert Siciliano ATM skimming is approaching a billion-dollar issue. ATM skimming is happening coast to coast and there seems to be no end in sight. Skimming devices have been found recently at ATMs at a Bank of America in Daytona Beach and one weekend last month people came and went from the automated
- ATM Scammers’ New Tactic: Glue
You can almost hear the scammers’ “Eureka!” moment in their evil dungeon lair: “We don’t need no stinking $5000 high-tech remote access Russian-built skimmer – we just need Elmer’s!” And then a crime is committed and history is made. The San Francisco Examiner reported, “thieves glued down the ‘enter,’ ‘cancel’ and ‘clear’ buttons on the keypad
- How Secure Are You And That ATM Transaction?
ATM fraud is more common and likely than a crime committed directly against customers who are in the process of attempting to withdraw cash from the machines, according to NetworkWorld. When studying “emergency PIN technologies” they state fraud was one of the few concrete conclusions from a report about the use of emergency technology at
- Skimming Big Business targeting Big Business
Skimming means more than just cutting fat off steak; it’s also when a thief obtains data from that magnetic strip on the back of your credit card (or debit or ATM card). The thief records and copies this data with a counterfeit card reader onto a blank card’s strip, and then makes purchases or cash withdrawals
Leave a Comment
You must be logged in to post a comment.