THE KESSLER REPORT Continued
FRAUDBUSTERS® Technology Edition
Volume 9 - No. 1 Download PDF
In this edition of
Automatic Thieving Machines: ATM Frauds Exposed
a relatively mundane, everyday type of task… you go to the ATM, you
slide in your card, you type in your PIN, you take your cash and you
leave. You've probably
done it hundreds, maybe thousands of times, and chances are you don't
often give security a second thought.
Sure, you keep your PIN a secret and you keep a close watch
behind you in bad neighborhoods, but most people don't expect to get
robbed at their local bank or corner deli during business hours.
And that's exactly what the criminals want.
Because even though you might be looking over your shoulder for
hoodlums, today's technologically-advanced rip-offs often occur right
in front of the victim's nose.
surveillance and other safety features have been integrated over the
years into ATMs, old tricks of the trade have lessened in popularity
with crooks. These days,
instead of sticking a gun in someone's back or smashing open the
machine, thieves often rely on technology to reap ill-gotten gains.
Increasingly sophisticated scams can range from simple card
skimmers to complex data wiretaps, and victims usually don't know
they've been cheated until they try to withdraw funds from an empty
account. Even more
alarming, the victim usually plays a major part in the outlaw's
success, unwittingly giving their PIN away to a total stranger!
In fact, most scams rely almost solely on the gullibility and
the trusting nature of people who don't know how to spot an impending
case of identity fraud.
the scam consists of two physical pieces of equipment that are
attached to the ATM. First,
a skimmer that is designed to look like the card slot of that
particular machine is attached, typically secured with double-sided
tape. This device often
looks very authentic, and only the very vigilant notice the
difference. Sometimes this
skimmer allows the ATM to function normally and sometimes it is just a
false front, but either way it reads the info on the card.
In one creative (and successful) scam, a skimmer was disguised
and labeled as a "card cleaner," which people actually used
to clean the magnetic stripe on their cards!
second piece of equipment is a small camera, usually embedded in a
long strip or other seemingly innocuous item (such as a brochure
holder) that is attached to the top or side of the ATM.
This camera records the PINs that are input by bank customers.
While this method is most common, some sophisticated skimming
devices are able to record PINs, and some crooks place a transparent
plastic overlay on the keypad, which customers think is to keep the
keypad clean, when in reality microchips in the device record every
keystroke. The thieves
then take all this information and produce phony bank cards with
equipment that often costs less than $200.
At that point, it's only a matter of visiting any ATM to
withdraw as much money as they can.
relatively new scam involves a simple, often crude device commonly
known as the "Lebanese Loop."
The apparatus used is basically a thin piece of magnetic tape
(such as videotape) or other piece of plastic that, when inserted into
an ATM card slot (excluding those that use the "dip"
method), will prevent the machine from reading cards, trapping them
inside the slot. In most
cases, when someone loses their card inside the slot, a
"helpful" stranger advises them to input their PIN a couple
times and press the cancel button, claiming it will release the card.
When this doesn't work, the frustrated customer leaves,
assuming the machine has simply devoured the card.
Of course, all the crook has to do now is remove the tiny
contraption, retrieve the card, and use the PIN that was acquired by
looking over the victim's shoulder (an oft-used method called
"shoulder surfing") to withdraw cash from any ATM location
type of ruse is perpetrated by particularly ambitious thieves who make
an investment in their pilfering, purchasing their own ATM and rigging
it to collect customer information.
ATMs are widely available for purchase by individuals and
businesses, often for less than a couple thousand dollars.
These machines are generally placed in small stores and other
convenient locales, much like legitimate ATMs.
In fact, some fraudsters will even post "out of
order" signs on the real machines that point customers directly
toward the phony one! For
successful crooks, the new machine is easily paid off after a few
withdrawals, and once they've pocketed enough cash, it's off to the
out the modern scams is something that's more or less high-tech
robbery, something that most people could only imagine happening in a
wiretaps or "listening devices" can be used, primarily on
stand-alone ATMs (like those at a mall or convenience store), to
intercept and sometimes even change information that is shared between
the machine and the computer system it connects to, wherever that may
be. With a few special
skills and a laptop computer, countless account numbers and PINs can
be recorded and copied to fraudulent cards.
course, there are plenty of lower-tech cons that target the naïve
bank customer. One of the
more popular schemes is for the shyster to call an ATM user whose card
he has found or stolen, posing as a bank employee, police officer or
other authority. The PIN
is obtained by telling the user that it is required by law to give
their PIN to recover the lost card, or that they must verify their old
PIN to obtain a new one. Either
way, many people readily give up their number in order to comply with
the supposed law, and soon find their bank account is a lot lighter.
to Fend Off ATM Fraud
there is no reason for anyone to simply dismiss safety and privacy
when it comes to ATM use. This
type of fraud cost American banks an estimated $51 million in 2002,
and both financial institutions and ATM manufacturers are taking
sophisticated alarm systems, tamper-proofing methods, and other types
of protection are being developed, such as software that can track ATM
users' spending habits, flagging unusual transactions and even
geographical anomalies, just in case someone halfway across the globe
decides to use your card the same day as you.
Some legislators want to take it a step further, and create
laws that would make background checks and licensing requirements
mandatory for those who wish to purchase and operate an ATM.
Clearly, the industry is hoping to curtail the progress of
thieves as much as possible.
However, the losses eventually become more than just the corporations' problem, as user fees continue to pile up to compensate for the damages. Thankfully, even the simplest measures can keep you from becoming a victim of yet another ATM flimflam:
Never, under any
circumstances, give your PIN to anyone, write it on your card, or
leave it in your wallet or purse.
Make sure nobody can see
you punch in your PIN. Stand
close to the machine and use your hand to shield the keypad.
Key in your PIN only when
prompted by the ATM screen.
Try to avoid stand-alone
ATMs if possible. These
are usually privately-owned and more susceptible to fraud.
Use a bank ATM instead.
Avoid ATMs in poorly-lit
or generally unsafe areas, and leave immediately if you feel
suspicious of people nearby.
Never accept help from
strangers when using an ATM, and always be wary of people asking for
Never use an ATM with a
Inspect the machine for
any signs of tampering, such as false card slots or Lebanese Loop
Never count your cash at
the ATM. Put it away and
count it in a safe location.
Cancel your card
immediately if it is lost, stolen, or retained by an ATM, and report
the incident to your bank or police.
Lower your withdrawal
limits to an amount that suits you, but will not allow potential
crooks to empty your account.
• And finally… don't forget your card!
While guidelines such as these seem like common sense, a majority of people tend to be relatively careless in their ATM use, and that's exactly what the criminals are banking on. By keeping these tips in mind, you'll be able to stay a step ahead of the scoundrels who aim to cheat the system, and you can rest easy knowing that your identity is safe.
Copyright © Michael G. Kessler & Associates, Ltd. 2004. All rights reserved.