ATM Scams

  • 8/3/2019 ATM Scams

    Inventory of ATM Scams & Crimes

    Last updated May 2005. Produced by ATMIA for GASA.

    Table of Contents

    Definition of ATM Crime
    Scam/Crime 1 - Skimming
    Scam/Crime 2 - Card Trapping
    Scam/Crime 3 - Card Swapping
    Scam/Crime 4 - Distraction Thefts at ATMs
    Scam/Crime 5 - Cash Trapping
    Scam/Crime 6 - Robbery & muggings at ATMs
        Attacks against cardholders
        Cash in Transit attacks
    Scam/Crime 7 - Illegal Diversions at ATMs
    Scam/Crime 8 - ATM Burglaries
    Scam/Crime 9 - Ram Raids
    Scam/Crime 10 - ATM Vandalism
    Scam/Crime 11 - Fake ATMs & Dummy Overlays
    Scam/Crime 12 - ATM Crypto Attack
    Scam/Crime 13 - ATM Cyber Attack
    Scam/Crime 14 - Transaction Reversal Fraud
    Scam/Crime 15 - Card & PIN Phishing
    Acknowledgments

    Inventory of ATM Scams & Crimes

    Definition of ATM Crime

    When we talk about ATM crime, we are talking about a crime, whether prosecuted or not, that would not have occurred but for the presence of the ATM system. In other words, to qualify as an ATM crime, the ATM, and the (cash or money) value it contains or dispenses, must be a target of the crime. Crimes can be defined by their end product or output, by asking the question: What was the intended outcome of the crime? Criminal intention, criminal means and criminal output together seem to make up the essence of crime. Since cash-dispensing is the ATM's reason for existence, the intended outcome of most ATM crimes should be seen as the illegal procurement of cash or money value channelled through the ATM network. An ATM is a machine that performs automated teller functions. Any activity which contributes towards the removal (or attempted removal) of cash at any point in the automated teller process, including during any of its ancillary or support processes, should fall under ATM crime. [From GASA's International ATM Crime Directory, published 2004, p.2]

    Scam/Crime 1 - Skimming

    Definition

    Illegal copying of a bank card's security and identification data via a card reading device, coupled with PIN misappropriation via shoulder surfing, miniature camera, electronic recording or long-range surveillance methods.

    The cardholder's information is then transferred onto another card, often a piece of virgin white plastic or other readily available plastic, i.e. mobile phone top-up cards or supermarket loyalty cards. The counterfeit card is then used, in conjunction with the corresponding PIN, to withdraw funds at ATMs, usually where there is no CCTV.

    Major Types

    Hand-held skimmers; ATM overlays; false card readers; modified POS devices

    GASA Security Tips

    Hourly checking of ATM interface; install skimming device detectors; cardholder security education on PIN protection; surveillance; defensible space and/or ATM mirror to prevent shoulder surfing; CCTV to capture images of fraudsters, especially out of office hours when these crimes mostly take place.

    [Figure: false slot fixed to the original card slot (same color and sticker). Contains an additional card reader to copy your card information and duplicate your card.]

    Scam/Crime 1 - Skimming - Shoulder surfing the PIN

    [Figure: noting PIN number]

    Scam/Crime 1 - Skimming

    A New Variation on the Skimming Theme

    Fraudsters are posing as bank employees at ATMs and informing clients that the latest bank procedure is for them to swipe their cards through a card reader. The skimming device used by fraudsters is either attached to the ATM or held by hand.

    The bank employee, dressed in a bank uniform, then tricks the customer into revealing his/her PIN.

    Scam/Crime 1 - Skimming

    Another Variation on the Skimming Theme

    Fraudsters have been known to use standalone skimmers on a presentation board posing as a card cleaner, tricking cardholders into being skimmed.

    Scam/Crime 1 - Skimming

    [Figure: false pamphlet box affixed to the ATM cubicle side. There is a hidden micro camera at the side of the box. The micro camera at the side can view the keypad and also the monitor, to send a wireless picture up to 200 metres.]

    Scam/Crime 1 - Skimming

    [Figure: inside the pamphlet box. Labels: camera positioned at correct angle to view keypad and monitor; camera battery; transmission antenna.]

    Scam/Crime 1 - Skimming

    Note that false card readers can be installed in lightning criminal operations for short periods of 15-20 minutes, in order to avoid detection, during which time several cards can be compromised. This kind of threat necessitates very regular checking of the ATM interface by trained staff and also reinforces the need for proper placement of ATMs in well-lit, prominent spots.

    Scam/Crime 1 - Skimming - models

    Scam/Crime 1 - Lobby Door Skimming

    Definition

    Here false skimming devices are attached to the entry points of a bank lobby door to illegally copy information encoded on the bank card's magnetic stripe. The skimmer could either be placed inside the door entry device or placed above or below it so that the customer's card will be swiped. Fraudsters remove the door entry device, strip the insides and replace them with their own skimming equipment. PINs can then be obtained by shoulder surfing or through micro-cameras or as a result of Good Samaritan deception tactics.

    GASA Security Tips

    Hourly checking of lobby access point; install skimming device detectors; cardholder security education; surveillance; replacement of swipe mechanism with push-button activation.

    Scam/Crime 2 - Card Trapping

    Definition

    The theft of a customer's card through tampering with the card reader to ensure the card remains stuck inside the card slot and cannot be returned to the customer after it has been inserted. In this scam, the ATM will not register that a card has been entered, so the screen does not change or request the person to enter his PIN.

    This crime involves affixing a device to the card reader/slot, typically a loop of material or plastic V fitted to a false card slot and then placed over or into the genuine card reader. Once the card is trapped the fraudster poses as a fellow customer and Good Samaritan and offers assistance, advising the customer to enter their PIN to release the card. This does not release the card and only serves as a way for the fraudster to observe the PIN. ["Dip" or "swipe" card readers are not susceptible to this type of scam because the card never fully enters the ATM on those particular models.] The customer believes the card has been retained and leaves the ATM. Fraudsters then remove the device and card and subsequently use the card fraudulently, often before the cardholder has reported the incident.

    Types

    Fuse wire; Lebanese Loop; VHS tape; Romanian Loop; Water bottle; Algerian V; Tape measure; Builders Loop

    GASA Security Tips

    Card trapping is comparatively easy to prevent by educating cardholders about never accepting help from a stranger at ATMs. Most major ATM manufacturers have enhanced newer designs that prevent the insertion of foreign objects into the card reader. We recommend daily checking of ATM interface in addition to cardholder security education. The use of a painted defensible space around the ATM will help reduce interference from fraudsters. Note that captured cards can be used by criminals with or without a PIN - signature-based cards, for example, can be removed and used for point-of-sale transactions instead of cash withdrawals.

    Scam/Crime 2 - Card Trapping

    [Figure: Lebanese loop device]

    Scam/Crime 2 - Card Trapping

    [Figure: Lebanese Loop card trap (not to scale), shown in side, front and back views, at card insertion and with card inserted. Labels: entry flap fixed at top; loop made from VHS video cassette tape, fixed to top and bottom of entry flap; double-sided sticky tape; bank card; card forces entry flap up; card blocked by loop and entry flap.]

    Scam/Crime 2 - Card Trapping

    [Figure] This fraudster is rigging the card reader to capture the card of the next person who uses the machine.

    Scam/Crime 2 - Card Trapping

    [Figure] Here the fraudster pretends to render assistance. What he is in fact trying to do is obtain the customer's PIN now that he has captured the card.

    Scam/Crime 2 - Card Trapping

    [Figure] He convinces the customer that he would be able to retrieve his card if he entered his PIN while he holds down both the cancel and the enter buttons.

    Scam/Crime 2 - Card Trapping

    Variation on Card Trapping - the thin plastic sleeve ploy

    A thin plastic sleeve is inserted into the card reader to trap the card AND to prevent the ATM from reading the magnetic stripe data. The ATM repeatedly asks the customer to enter his PIN number. The fraudster observes the customer's PIN being tapped in. When the victim leaves, thinking the ATM has swallowed his card, the thief removes both the plastic sleeve and the card.

    Scam/Crime 3 - Card Swapping

    Definition

    This is a card theft trick whereby a fraudster poses at an ATM as a Good Samaritan after forcing the ATM to malfunction and then uses a sleight of hand to substitute the customer's card with an old bank card, observing the customer entering his PIN (which of course does not work for the old card). The malfunction may involve freezing the ATM by entering a specific sequence of zeros on the keypad (this method of operation can only be performed on certain machines). The ATM does not switch off or show any obvious sign of being tampered with. The victim tries to insert his card in the reader, but the ATM reader slot will not properly open so the card will not go all the way in. The thief comes along and offers his assistance by pretending to push the victim's card into the slot. While doing so, he either swaps the card or steals it. A further twist can occur when the fraudster offers to call the bank's card loss division for the customer, either to obtain the PIN number if that has not already been achieved OR to delay the reporting of the problem by the customer to buy time for more fraudulent withdrawals. Once the card has been swapped, the thief offers to call the bank's card loss division to cancel the card on the victim's behalf, using his cell phone. At the other end of the phone is a member of the syndicate.

    GASA Security Tip

    Customer education, customer education and customer education! In addition, surveillance and checking the interface of the ATM regularly.

    Scam/Crime 4 - Distraction Thefts at ATMs

    Definition

    Methods of stealing at, or in the vicinity of, ATMs, varying from pick-pocketing to some types of card swapping, which involve breaking the concentration of the customer in order to carry out the crime undetected by the victim. Typically a victim is observed withdrawing large sums of cash from either the ATM or over the branch counter. The fraudsters wait for them to leave and approach them in the street by squirting a substance over them. Then they pose as well-meaning passers-by offering to wipe the mess from the victim's clothing whilst pick-pocketing them at the same time. Fraudsters often operate in groups so that one of them can distract the customer while someone else swaps or swipes the card.

    GASA Security Tip

    Customer education programmes should warn customers never to accept help from strangers at ATMs. Customers should be vigilant and aware of their surroundings at all times, especially when leaving the premises.

    Scam/Crime 5 - Cash Trapping

    Definition

    The illegal interference with the ATM's cash dispensing function so that the cash will be trapped and later stolen after the victim has departed from the ATM. This tampering is targeted at ATMs using the spray cash dispensing method; the obstruction inserted by the fraudster prevents the notes from being dispensed into the cash tray.

    Cash trapping can take place at any type of machine.

    GASA Security Tip

    Hourly checking of all cash machines for any signs of tampering.

    Scam/Crime 6 - Robbery & muggings at ATMs - attacks against cardholders

    Definition

    The use of force to steal cash from a customer using an ATM. Most robberies at ATMs are committed by a lone offender, using a weapon, against a lone victim, usually at night (with the highest risk between midnight and 4 am), after a cash withdrawal. Police estimate about 15% of victims are injured during the robbery.

    Forced ATM withdrawals occur when criminals take cardholders against their will to an ATM and force them to withdraw cash, sometimes at gunpoint. Forced withdrawals typically do not originate at the ATM but tend to form part of a sequence of multiple crimes like home invasions, abductions and assaults.

    GASA Security Tip

    High rates of street robbery, including ATM robbery, are likely to coincide with crack cocaine or other drug markets; industry should work with police to root out local drug territories; customer education programmes should stress that customers should avoid poorly lit and isolated ATMs, especially during the middle of the night.

    Scam/Crime 6 - Robbery & muggings at ATMs - Cash in Transit attacks

    Definition

    Inside Premises attacks

    Take place when the cash carrier is replenishing cash within the premises where the ATM is located. Typically, a gang enters the ATM area prior to arrival of the crew and lays an ambush. Weapons and extreme violence may be used. The cash carrier is forced to hand over the cash.

    Cross Pavement attacks

    Various modus operandi are employed, the most common of which is to attack the cash carrier after the cash cassettes have been removed from the Armoured Vehicle for delivery to the ATM in order to snatch the cassettes. Weapons and extreme violence may be used.

    GASA Security Tip

    GASA has produced a security best practice manual for ATM cash replenishment which should be consulted by all cash carriers.

    Scam/Crime 7 - Illegal Diversions at ATMs

    Definition

    The use of false out of order notices and other diversionary signs intended to channel customers to ATMs situated in quieter, less secure spots, where a variety of ATM crimes can occur, such as skimming, robbery, cash trapping, etc. See also ATM Vandalism (Scam/Crime 10) as a possible diversionary tactic.

    GASA Security Tip

    Customer education programmes should stress that customers need to steer clear of ATMs which are isolated or perceived as poorly lit.

    Scam/Crime 8 - ATM Burglaries

    Definition

    The use of force, usually involving technology like angle grinders, blow torches, and explosives to break into the inside of an ATM on site in order to steal the cash stored in the machine.

    GASA Security Tip

    Physical protective measures like alarms, CCTV, security guards, smoke and dye systems may be employed. For convenience ATMs, merchant fill models whereby merchants remove cash from the ATM as they would from the till after closing, leaving the ATM open and providing a notice to indicate there is no money in the ATM, can provide a low-cost deterrent to burglaries by taking away the criminal reward and target for the crime.

    Scam/Crime 9 - Ram Raids

    Definition

    Ram raids often take place in the early hours of the morning in areas where police response times might be slower than normal.

    Externally sited ATMs

    Highly organised activity often involving the use of 3 vehicles and industrial equipment. ATM surround is chiselled out and an industrial wire is placed around the machine. Transit van is reversed towards the ATM, wire is fed through the back and front of the van (windscreens removed) and attached to a tow bar on a 4x4. The 4x4 pulls away and drags the ATM whole into the rear of the van.

    Internally sited ATMs

    Free-standing ATM is lassoed, lasso is then tied to a vehicle which pulls away and removes the ATM from its anchoring. ATM stolen whole. Cash later removed from cassettes away from premises. Cash is then removed from the scene to avoid detection by tracking device.

    GASA Security Tip

    Physical protective measures like bollards, anti-lasso devices, alarms, CCTV, security guards, smoke and dye systems may be employed. Merchant fill models whereby merchants remove cash from the ATM as they would from the till after closing, leaving the ATM open and providing a notice to indicate there is no money in the ATM, can provide a low-cost deterrent to ram raids by taking away the criminal reward and target for the crime.

    Scam/Crime 9 - Ram Raids

    Crimes Making The Headlines

    Scam/Crime 10 - ATM Vandalism

    Definition

    The defacing of an ATM either as a random act of damage to property or as a deliberate ploy to divert ATM users to ATMs which are more isolated and poorly lit and where the criminals may be waiting to commit their crimes.

    GASA Security Tip

    Customer education programmes should stress that customers need to steer clear of ATMs which are isolated or perceived as poorly lit.

    Scam/Crime 11 - Fake ATMs & Dummy Overlays

    Definition

    Bogus ATMs, some of which can dispense cash, installed in non-bank premises for short periods of time to capture cards and record PINs.

    Dummy covers can be placed over part or all of the ATM interface which can trap cash or cards or both. False PIN pads can be used to record customer PINs, often in conjunction with skimming devices.

    GASA Security Tip

    We recommend hourly checking of the ATM interface in addition to cardholder security education.

    [Figure: false ATM PIN pad]

    Scam/Crime 11 - Fake ATMs & Dummy Overlays

    [Figure labels: Casio palm computer; MagTek bi-directional swipe reader]

    Scam/Crime 12 - ATM Crypto Attack

    Definition

    PIN data encrypted in messages from the ATM to the Acquiring Host are compromised using cryptographic analysis techniques. The compromised data is processed and relayed and new counterfeit cards are created for use with the genuine but compromised PIN.

    GASA Security Tip

    Triple DES encryption.

    Scam/Crime 13 - ATM Cyber Attack

    Definition

    When an ATM system is deliberately disrupted, damaged or compromised through unauthorised cyber penetration, including through hacking, viruses, Trojans or worms. The aim could be to destroy or obtain data or to undermine trust in the ATM and in financial networks in general.

    GASA Security Tip

    GASA has produced a General Cyber Security Manual and an ATM Cyber Security Manual for ATMs with Windows XP operating systems, as well as a white paper on a Continuous Cyber Security Process (CCSP).

    Scam/Crime 14 - Transaction Reversal Fraud

    Definition

    This scam may fall under legitimate cardholder ATM crimes, that is, when a cardholder defrauds his/her bank through misuse of his/her legitimate ATM card and/or the ATM system. Transaction reversal fraud involves tricking the ATM into not debiting some of the cash that has been taken or manipulating the ATM to pay more than the balance available on the account.

    Type 1. A manipulation device (clips / fingers) placed within the cash dispenser slot to interfere with the transit of cash from the cassette to the dispenser. Transaction undertaken, funds issued and removed by fraudster; however, the interference in the dispenser prevents the ATM from completing the cycle, and the ATM assumes the money is purged and not dispensed to customer. Activity often involves stolen card/PIN.

    Type 2. Transaction undertaken and notes dispensed. Some of the notes are carefully removed. ATM times out and notes that remain are retracted into the purge bin. ATM unable to count the number of notes retracted and assumes the transaction hasn't completed and the notes haven't been dispensed, and the customer's account is not debited.

    GASA Security Tip

    Reassess the cash dispensing functionality and system to prevent manipulation.
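An added example, not part of the original GASA/ATMIA slides: one way an operator could screen for the Type 2 pattern above by reconciling reversed retracts in the ATM journal against a physical purge-bin count at replenishment. The record fields, outcome names, purge-bin counts and the three-in-30-minutes threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed journal records (hypothetical field names, not a vendor format).
# "RETRACT_REVERSED": notes presented, time-out, retract, debit reversed.
JOURNAL = [
    {"atm": "ATM-A", "card": "tok-1", "ts": "2005-05-02T01:10", "notes": 10, "outcome": "TAKEN"},
    {"atm": "ATM-A", "card": "tok-7", "ts": "2005-05-02T01:14", "notes": 10, "outcome": "RETRACT_REVERSED"},
    {"atm": "ATM-A", "card": "tok-7", "ts": "2005-05-02T01:19", "notes": 10, "outcome": "RETRACT_REVERSED"},
    {"atm": "ATM-A", "card": "tok-7", "ts": "2005-05-02T01:25", "notes": 10, "outcome": "RETRACT_REVERSED"},
    {"atm": "ATM-A", "card": "tok-3", "ts": "2005-05-02T09:40", "notes": 5, "outcome": "RETRACT_REVERSED"},
    {"atm": "ATM-B", "card": "tok-4", "ts": "2005-05-02T12:00", "notes": 4, "outcome": "RETRACT_REVERSED"},
]
# Constructed physical purge-bin counts taken by hand at replenishment.
PURGE_BIN_COUNT = {"ATM-A": 14, "ATM-B": 4}


def purge_shortfall(journal, purge_counts):
    """Notes the journal presumes were retracted minus notes found in the bin."""
    expected = defaultdict(int)
    for rec in journal:
        if rec["outcome"] == "RETRACT_REVERSED":
            expected[rec["atm"]] += rec["notes"]
    return {atm: expected[atm] - purge_counts.get(atm, 0) for atm in expected}


def repeat_reversals(journal, min_events=3, window=timedelta(minutes=30)):
    """(atm, card) pairs with min_events reversed retracts inside the window."""
    times = defaultdict(list)
    for rec in journal:
        if rec["outcome"] == "RETRACT_REVERSED":
            times[(rec["atm"], rec["card"])].append(datetime.fromisoformat(rec["ts"]))
    hits = set()
    for key, stamps in times.items():
        stamps.sort()
        # Slide a window of min_events consecutive reversals over the timeline.
        for i in range(len(stamps) - min_events + 1):
            if stamps[i + min_events - 1] - stamps[i] <= window:
                hits.add(key)
                break
    return hits


def flag_trf(journal, purge_counts):
    """Pair each ATM that is short of retracted notes with the cards to review."""
    repeats = repeat_reversals(journal)
    findings = []
    for atm, missing in sorted(purge_shortfall(journal, purge_counts).items()):
        if missing > 0:  # notes left the machine but no account was debited
            cards = sorted(card for a, card in repeats if a == atm)
            findings.append({"atm": atm, "missing_notes": missing, "review_cards": cards})
    return findings


if __name__ == "__main__":
    for finding in flag_trf(JOURNAL, PURGE_BIN_COUNT):
        print(finding)
```

A single genuine time-out (tok-3, tok-4) is not flagged on its own; the shortfall only identifies the machine, and the repeat pattern narrows the cards worth reviewing.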

    Scam/Crime 15 - Card and PIN Phishing

    Definition

    Fastest growing ATM card fraud loss type in US is Phishing fraud. International problem: criminals target financial institutions in multiple countries and are moving to smaller sized financial institutions. Criminal organizations are based in the US, Russia, Former Eastern Bloc and Asia. ATM fraud identified in Romania, Russia, UK, Vietnam, Spain, US, Turkey, China, Mexico, Colombia, Germany, Canada and Kenya. Email and Trojan attacks are merging and becoming much more sophisticated.

    GASA Security Tip

    Use Card Based PIN Offsets or CVV / CVC verification for PIN transaction authorizations if not using Card Based PIN Offsets. Resist sending legitimate emails to customers with log on links. Use alternate information instead of ATM PIN numbers for user validation at online banking sites. Implement 2 Factor user authentication for Internet based online banking systems in addition to cardholder security education.

    Acknowledgments

    APACS online Cash Machine Crime Directory & Picture Gallery
    Martin Lewis, Chairman, ATM Crime Group, APACS
    Fair Isaac
    GASA
    SABRIC
    EAST (European ATM Security Team)
    Banking Ombudsman, SA
    Alan Townsend, Crime Prevention Co-ordinator, Flying Squad
    Graham McKay, ATMIA