ATM FRAUD A GROWING THREAT TO BANKS

A recent survey shows that almost 70 percent of financial institutions experienced an increase in ATM/debit card fraud claims in 2008 compared to 2007. Twenty-three percent of respondents say those claims jumped by 5 to 9 percent, while the rest noted growth of anywhere between 10 and 74 percent. These numbers are only expected to grow in 2009, as a result of the recession.

Half of the institutions surveyed say they were hit with fraud complaints that came out of some of the major data breaches, with more than 30 percent saying they had seen fraud incidents.

Approximately 80 percent of the survey respondents say the big data breaches can decrease consumer confidence in ATM/debit card use. About 15 percent say they have reissued cards to more than 20 percent of their cardholder customers.

ATM Fraud Trends
The reason that criminals target ATMs is simple. Criminals like cards and PINs. It is much easier to cash them out, rather than to hire a mule or repackager with stolen credit cards. If the magnetic stripe data and pin is available, it is easy money for the criminal to get the cash out of the ATM. There is no fence, no making an authentic card to use at a retailer. While this crime is much harder to perpetrate, criminals prefer this over other types of credit card fraud, such as signature-based fraud.

Here are the top ATM/debit card fraud trends:

#1. Skimming — The upswing in skimming at institutions has caught fraud experts’ attention. A higher percentage of criminals are going straight to a bank and installing a PIN pad overlay and card reader. This is where the transaction goes through, and the customer doesn’t realize that their ATM card or debit card has been compromised. There is a steady increase over the last couple years on this type of fraud.

#2. Ghost ATMs — There are also the “Ghost ATMs,” where the entire ATM card reader is blocked off and customers can’t perform a transaction. The customer swipes their card, enters their PIN, and then the fake ATM says it can’t complete the transaction. There were several of these types of ghost ATMs that popped up on the east coast back four years ago

#3. Ram Raids — Criminals continue to target ATMs in various ways, with “ram” raids happening more often in the US. Ram raids are perpetrated when criminals physically break out ATMs from the wall at the institution. The opportunity that some non-hardened criminals see is an exterior ATM that can be pulled out, loaded with thousands of tshs . So in terms of crimes of opportunity, people feeling desperate will attempt this crime.

#4. PIN ID’s — One of the other trends happening is where criminals are testing systems to identify PINs. One particular technique is where the criminal captures the magnetic stripe data from a retailer. They then go to an online bank site with a script written on several well known PINs, and run it against the site until they get a match.

#5. Automated PIN Changes — Another trend is criminals go through the financial institution’s telephone banking service to change PIN numbers. They will use the ANI to change the information on the phone they’re calling out from to appear like they are calling from the consumer’s phone. If they can find the basic information on the card holder, name, card account number, then they’re trying to take that info and go to the call center and change the PIN number over the phone. while more time-consuming, the overhead cost is cut to near nothing other than their own work to deceive the bank call center. Then with the changed PIN, the criminals drain the account. The easier it is for the consumer to change their account, those are the financial institutions that will be targeted.

#6. SMS attacks — “Smishing” is the attack that comes through the Short Message Service (SMS) or text venue, onto a smart phone or a cell phone. Where the criminals are able to get the information from the customer, they then turn and clone the ATM or debit card and use it to withdraw cash.

The bank or credit union, if it is not checking for the CVV value, or the full name or expiration date, and just accepts the card transaction, will be hit with counterfeit cards made from data taken in this type of attack.

#7. Malware — Security researchers say they have found malware code that lets a criminal take control over ATMs. SpiderLabs, the forensics and research arm of TrustWave, found a Trojan family of malware that infected 20 ATMs in Eastern Europe. The researchers warn that the malware may be headed toward African Banks and credit unions, as well as other parts of the world. The malware lets criminals take over the ATM to steal data, PINs and cash.

How to Stop ATM Fraud

ATM fraud is a matter of utmost concern to ATM owners and operators. Tanzania Banks recognizes the importance of maintaining consumer confidence in the ATM channel and would like to share with you information that can help you reduce your risk regarding ATM fraud.

How to prevent ATM fraud:

Safeguard your personal identification number (PIN) – don’t write it down on your card and don’t give it to anyone, not even a relative who isn’t a co-owner of your account. Please note that no transaction can be performed without the card and Pin being used simultaneously.

When you receive your card, sign it immediately on the back, in case your card gets stolen. Advice your bank immediately should your card get stolen.

When you enter your PIN at the ATM, make sure that no one sees it –stand as close as possible to the ATM and be aware of your surroundings.

Don’t allow anyone to ‘assist’ you with your transaction. Do not allow anyone to distract you. Always remember to complete the transaction and remove your money, card and receipt immediately. Do not leave receipts at the machine. If anyone around an ATM makes you feel uneasy leave the area and use another machine. Trust your instincts.

Make sure the card you take from the machine is yours

Check your cards regularly to make sure that you have them all – especially credit cards.

Don’t lend your card to anyone – not even your children. Contact us for cards for your children.

If your card gets lost or stolen, please report it immediately so that the card can be stopped.

Do not give your card as security to “loan sharks”.

Immediately notify your bank if you notice a recording device or something suspicious at a machine; or you receive an unsolicited call or e-mail asking for personal information, such as your account number and PIN. Also, immediately notify your card issuer about an authorized ATM or debit card transaction on your account.

Open credit/debit card statements promptly and make sure there are no unauthorized transactions. Treat your credit/debit card statement like your cheque account and reconcile it monthly. Save your receipts so you can compare them with your monthly statement. Ask your bank for full information about any transactions on the statement that you cannot reconcile.

Useful Tips:

* Always be alert when approaching and using an ATM. Complete your transaction as soon as possible.
* When you withdraw cash, take the cash immediately before you take your ATM receipt. When you collect your cash, immediately put it into your pocket or purse and count it later in private. The idea is to give a would-be robber less time to target you and steal your cash, wallet or purse.
* Ensure that the amount you wish to withdraw is keyed in correctly.
* Your card will be temporary locked out for 24 hours if your PIN is keyed incorrectly after three consecutive attempts – so please remember your PIN.
* Please keep your ATM receipt for record purposes, especially if you need to enquire about the transaction at a later stage.
* Avoid ATMS where there are a lot of people grouping together – especially at month-end.
* If you are a CRDB Card holder, make use of CRDB ATMs – you pay higher fees if you use other bank’s machines.
* Always remember three key aspects, your cash, your card and your receipt.

Please report lost or stolen cards at the Customer Service Department at your Local Bank branches Or Nearest Police Post

Yona f Maro
www.bidiiforums.com


Yona Fares Maro
I.T. Specialist and Digital Security Consultant

– – –
Date: Sun, 28 Jun 2009 21:19:24 +0300
From: Yona Fares Maro
Subject: ATM FRAUD A GROWING THREAT TO BANKS

Leave a Reply

Your email address will not be published. Required fields are marked *