ATM fraud & security consultancy and training services.
2009 - Skimming Review |
Written by Douglas Russell | |||
Tuesday, 19 January 2010 14:58 | |||
While it may be too early to prove the relationship between the global economic slowdown and ATM crime, ATM skimming activity certainly appeared to grow globally throughout 2009. The following article includes extracts from the ATMsecurity.com monthly digests published in 2009: January 2009 Australian police recovered an ATM skimming device following a report from an alert consumer who had experienced difficulty inserting their card into the ATM card reader. A South African victim discovered R18,500 had been illegally taken from their account following an incident at an ATM. While the victim was attempting to use an ATM he experienced difficulty and a ‘helpful-stranger' dressed like an employee of the bank offered assistance. From the victim's statement, it appears the fake bank employee gained temporary access to the card and skimmed the data before returning the card to the victim. Shoulder surfing is suspected of being used to obtain the PIN. Two petrol (gas) stations are under suspicion following at least 1000 incidents of card and PIN compromise in the UK during January. Fraudulent spend has been identified in Canada, India and Ghana. In the US, an ATM skimming suspect was arrested following a report from a member of the public who became suspicious after using a drive-up ATM. One of the two ATMs at the location was apparently out-of-order and the consumer noticed that after driving away from the working machine that a male suspect walked up to the ATM he had just used. Life assistance company CPP released statistics following a study of fraud in the UK. According to their figures, 25% of the British population were victims of card fraud in the last year. The average loss per incident was £650 and 5% of victims experienced losses of more than £2000. Reports from Germany estimate that skimming attempts increased 70% during 2008. Police in Finland, which has typically experienced a very low number of ATM skimming attacks, have raised concerns that with the adoption of the Single European Payments Act (SEPA) and the requirement for all cards to work throughout the zone, it will lead to an influx of ATM skimming attacks from neighbouring countries. Authorities in the UAE have made calls for the banks in the region to adopt Chip and PIN technology. February 2009 Police in Canada arrested a group thought to be behind a significant skimming operation. Along with high value luxury goods and re-encoded cards, equipment used to compromise cards and PINs at ATMs were recovered. In Thailand, two female Romanian tourists with links to London, UK were arrested while using cloned cards at ATMs. A search of their hotel room uncovered 140 further cloned cards. The suspects claim they were asked to use the cards to withdraw the cash by a friend in the UK. Various seizures and arrests were made in the UK during February covering ATM skimming attacks as well as compromised POS terminals. A father and daughter were found guilty of conspiracy and other charges which involved around 500 compromised cards and the seizure of ATM false fronts with skimmers and miniature cameras. An apparent increase in US incidents was recorded during February. Incidents included charges made against two Bulgarian nationals in Atlanta. An ATM skimming incident in New York City netted criminals $40k. CCTV images of a suspect attaching a skimming device to an ATM in Florida were released. In the Caribbean, St Kitts, Nevis, St Lucia and Antigua reported ATM skimming activity during February. A survey carried out by Harris Interactive on behalf of Level Four Americas found that 24% of American consumers would be likely or very likely to consider switching primary financial institutions in the case of an ATM security compromise. March 2009 Three Romanian nationals were arrested by police in Malta suspected of using cloned cards to withdraw a significant amount of cash from ATMs on the island. In addition to enforcement operations, Maltese police launched a poster campaign in March to raise consumers' awareness of ATM crime. In Thailand, a Malaysian suspect was held by police, accused of ATM skimming along with others of unknown nationality. The suspect was also charged with attempting to bribe police officers. The police officers pretended to agree to the bribe and as a result some of the losses were recovered via funds transfer from Malaysia to Thai authorities. In another incident, a British national was sentenced by a Thai court to more than 18 years in prison for making withdrawals using cloned cards. The suspect had pleaded guilty to the offence. Police in Dubai, UAE, released statistics in March which showed that there were 322 financial related crimes reported and more than 600 individuals charged in 2008. In the first two months of 2009, sixty two financial related crimes were reported and 103 persons charged. These statistics include the recovery of 500 cloned cards used to obtain cash from ATMs in February. ATM skimming in the UK continued throughout March. Industry body, APACS ,reported that card fraud increased by 14% in 2008 to almost £610million. ATM specific fraud increased by 31% and accounted for £45.7million in losses reported in 2008. ATM skimming in the USA continued to be reported during March with incidents noted in various states including PA, FL, NJ and CT. Australia continued to experience a number of ATM skimming incidents during March. One incident alone is estimated to have resulted in AUD $ 500,000 of losses. Five suspects from Romania were arrested. In another incident a disguised, video-enabled, cell phone used to record PIN entry fell off of an ATM and was recovered. Macedonian police arrested two Bulgarian nationals who were caught using cloned cards at ATMs to fraudulently withdraw funds. Twelve suspects were arrested by Canadian police following possible point of sale (POS) / pin entry device (PED) compromises. April 2009 In the USA, skimming incidents occurred in various states (IL, GA, NJ, GA, NV, FL, CA, SC, MD, and NY) and included ATM skimming as well as Fuel-pump skimming. In California (CA), maintenance engineers recovered a fuel-pump skimmer while investigating the reason for a malfunction. In Nevada, three ATM skimming devices and four hand held skimmers were recovered. Various arrests were made in Canada including two following the swapping of a POS device with one modified to skim card details Two Romanian nationals in New Zealand pleaded guilty to ATM skimming. In Australia, multiple arrests were made including suspects from Romania and Bulgaria. Tightening of legislation was called for to make it a specific offence to manufacture or possess skimming equipment. Multiple incidents of ATM and POS skimming occurred in the UK during April. In one incident a bogus engineer is understood to have tampered with a Chip and PIN machine at a fuel (petrol) station. Victims of the card and PIN compromise demonstrated their outrage by publishing an on-line protest on a Facebook web group, attracting in excess of 600 ‘members'. In a separate incident, also involving a fuel station, victims expressed outrage that the station was continuing to accept card transactions while the operators had been aware that the terminal may have been compromised. In a third incident involving a fuel station, an employee was caught by his manager and a spy camera, positioned above the ATM keyboard, was recovered. The manager had noticed a small hole in the ceiling tiles above the ATM. The employee (originally from Sri Lanka) was accused of a potential £4m plot although actual losses were estimated at £53,000. Two Romanian nationals were found guilty in April after being caught with a small blow-torch which was used to remove an anti-skimming feature from an ATM. Card cloners of Chinese origin were found guilty of a £3.5m card fraud (obtained within one week) which exploited a temporary laps of bank security protocols and were sentenced to a total of 18 years in prison during April. An investigation in Greece into ATM fraud benefitted from bank and police cooperation leading to the arrest of Romanian and Bulgarian nationals suspected of ATM skimming. In South Africa, shoulder surfing was used by a ‘helpful stranger' to observe PIN entry while a hand held skimmer was used to skim the card. Nearby ATMs had been sabotaged by jamming the card slots which caused victims to use the ATM targeted by the perpetrators. ATM skimming devices and spy cameras were recovered in Vietnam during April. In Botswana, a joint operation involving law enforcement from the UK, USA and Ghana disrupted a P1m scam using compromised cards to extort local tour operators. May 2009 China experienced ATM skimming in May. In one incident an alert consumer reported a suspicious square box attached to an ATM. An ATM skimmer and spy camera were recovered. One victim in China had 150,000 Yuan taken from his account. CCTV recorded the fraudulent spend (transaction). In Guyana, two suspects were arrested in May using cloned cards and PINs. Distraction, shoulder surfing and hand held skimming was reported in Namibia. Two arrests were made in May. The technique included the perpetrator hitting the cancel key on the ATM keyboard to gain temporary possession of the card which was copied using a hand held skimming device. ATM skimming in the USA continued to gather momentum during May. Incidents were reported in MD, NC, CA, DC, NY, FL, ND and CO. ATM skimming devices were recovered in CO, MD and CA. In CA, four suspects were charged for an estimated $400,000 of losses. Weapons and drugs were also seized. In DC, a suspect is facing up to a five year prison sentence after pleading guilty to skimming losses of $200,000. In an incident related to ATM skimming in NY, four Romanian suspects, living in FL, were arrested in what is understood to be a $1.8 million ATM fraud. Self-Service Fuel Pump skimming was detected in NV (USA) and CA (USA). The UK experienced a multitude of ATM skimming incidents during May. In Norwich an unlucky victim had their card and PIN compromised two months running. An ATM skimming device was discovered on a supermarket's ATM in Cambridgeshire. In Hertfordshire, two suspects believed to be part of a larger gang received a sixty day prison sentence. Also in Hertfordshire, various arrests were made including eleven suspects arrested following over one hundred reported ATM skimming incidents. ATM skimming devices were also recovered in Devon & Cornwall, Sussex, Buckinghamshire, Tyne & Wear among other places. In Norfolk, ATM skimming was detected along with damage to the ATM fascia. Lancashire, Yorkshire, Dorset, Kent and East Sussex also had ATM skimming activity reported in May. Chip & PIN terminal compromise was detected during May. In Hertfordshire (UK) over three hundred cards and PINs are suspected to have been compromised. In Cornwall (Canada), four members of the one family were victims of card cloning. ATM skimming devices were recovered in Ontario. Various arrests were made in Canada during May, including six suspects believed to have links with organized crime based in Sri Lanka who were arrested thanks to cooperation between Canadian bank investigators and law-enforcement. They were arrested while withdrawing cash from an ATM using multiple compromised cards. ATM skimming in Australia continued in May. ATM skimming devices were recovered in Queensland and Victoria. In Western Australia, CCTV recorded images of suspects attaching an ATM skimming device in April were released by police. A Romanian national was jailed for six months for using a door access skimming device (he was not thought to be a member of the organized crime gangs responsible for the other recent ATM skimming incidents.) Another suspect, also from Romania, was arrested in Melbourne. ATM skimming was reported in Turkey during May. Reports from The Netherlands in May estimated that Dutch banks experienced losses of Euro 31 million last year from ATM skimming which is 0.023% of transactions. June 2009 ATM skimming in the Philippines prompted the Bankers Association of the Philippines (BAP) to advise consumers to take extra care to avoid becoming victims. In the USA, ATM skimming incidents were detected in various locations, including WA, TN and MI. Fuel pump skimming was reported in CA. Many incidents occurred throughout the UK during June. Two Romanian nationals were sentenced to two years detention for using ATM skimming equipment and cameras. Separately, a number of skimming devices were recovered. In one weekend attack, an estimated 500 victims had their cards skimmed. Additionally, incidents of Chip & PIN device compromise were suspected in the UK, including at a fuel station where over 200 consumers were believed to be victims. In New Zealand, two Romanian nationals were sentenced to two years, three months detention to be followed by deportation. South Africa detected an increase in ATM skimming attacks. In one incident the perpetrator pretended to be running a competition on behalf of a bank. Targeting elderly users, the perpetrator gained temporary possession of the victims' cards and used a hand held skimming device to copy the magnetic stripe data. Shoulder surfing was used to obtain PINs. Canadian authorities charged various suspected ATM skimming perpetrators in June, including four people charged with 79 offences. The investigation spanned 20 locations identified as being targeted, and a conservative estimate of $150,000 losses attributed. Cash, eight sets of assembled ATM skimming and PIN compromise devices, 70 partially completed devices and digital records of compromised card data were seized as part of the operation. Also in Canada, a suspect was arrested after a consumer reported a compromise device falling from an ATM. In Greece, an international gang comprising Bulgarian, Greek, and Macedonian suspects were arrested for ATM skimming. Police in Macedonia requested Interpol assistance to arrest two suspects from Bulgaria who are thought to have been responsible for fraudulent use of cards to withdraw Euro 53,000 from local banks. Australian authorities have charged a criminal organization from Romania with obtaining AU$789,000 using ATM skimming equipment. July 2009 In Ireland, European Arrest Warrants were issued for two suspects linked to losses of Euro 6.5m. The organized crime syndicate is linked to 35,000 transactions and 15,000 compromised cards. 24 arrests have already been made, including eight in Italy, two in the Netherlands, two in Belgium and 12 in Romania. Two Bulgarian nationals were arrested in Tanzania in July following fraudulent spend with compromised cards totalling Sh70m. In Canada a potential victim was held in a ‘bear hug' by suspected skimmers when his card got stuck in a skimming device which he had attempted to remove. Also in Canada, police issued a warning in July about honey traps combined with shoulder surfing, distraction and hand held skimming devices. A Bulgarian-organized crime gang are understood to be behind continuing ATM skimming attacks in Australia. Separately, a Romanian national was sentenced to nine months prison in Australia for ATM skimming. Two French/Algerian suspects were arrested in Cyprus. Fraudulent spend using cloned cards was estimated at Euro 9,000. The helpful stranger method of card and PIN compromise continued to be used in July in South Africa. Also in South Africa, a female perpetrator of hand held skimming, arrested in June, was sentenced to 10 years in July. She is known as "the competition lady". An investigation into fuel pump skimming in Sweden resulted in the arrest of two Hungarian suspects in Hungary. More than 200 incidents and losses of 1.5m Kronor are attributed. 108 cards seized during the arrests included cards compromised in Sweden. Fraudulent spend also included the USA, Trinidad and The Philippines. Multiple ATM skimming incidents were again reported in the USA and the UK throughout July. USA incidents included reports from VA, CT, NY, CA, LA, MD, TX, NC and NV. Police in NV estimate that over the last 18 months, 75 skimming devices have been recovered including both fuel pump and ATM skimming devices. A convicted criminal in the UK, originally from Romania, is currently serving the second year of a five-year prison sentence. In July, authorities took steps to recover £43k of losses. Attempts to refute the sum were impaired when a picture of his baby surrounded with bundles of cash was discovered. In a separate UK incident, an alert bank clerk reported a man and a woman acting suspiciously directly across the street from an ATM. When arrested by police, the female (a Romanian citizen) admitted a previous conviction for fraud. Also in the UK, an illegal immigrant from the Ukraine claimed he was forced to perpetrate ATM skimming in order to pay back people traffickers who transported him to the UK. August 2009 In Jordan, 15 arrests were made. Various arrests were also made in Canada and elsewhere. In one Canadian incident, police investigating a break-in to a hired car uncovered evidence of card skimming. In the USA many ATM skimming incidents were detected including in the following locations: SC, NY, VA, TX, WA, IL, TN and FL. A perpetrator in WA was sentenced to four years prison and ordered to pay back $250k to the bank which had been defrauded. The ATM Industry Association (ATMIA) published "Best Practices for Preventing ATM Skimming - International minimum security guidelines and best practices" in August which includes, in addition to other useful information, an international classification system for ATM skimming and PIN compromise. The classification system was created by DFR Risk Management. September 2009 A Bulgarian national was sentenced to four and a half years detention in the USA following a guilty plea to charges of conspiracy, access device fraud and aggravated identity theft. In the UK, two Romanian nationals pleaded guilty and were sentenced to two years imprisonment to be followed by deportation. Police in Kosovo arrested two Bulgarian nationals suspected of using ATM skimming equipment and cameras to compromise cards and PINs. October 2009 In one incident alone, in the USA (TN), police estimate there were 500 victims. In Australia, an alert consumer noticed someone acting suspiciously around an ATM and subsequently pulled an ATM skimming device from the ATM. EFTPOS compromise (electronic funds transfer at point of sale ) was estimated by some reports to have reached AU$2.5 million after a fast food chain's POS terminals were targeted in Australia. In China, Malaysian suspects were arrested for ATM skimming and the use of cameras to compromise PINs. November 2009 Police in Nigeria arrested a group who claimed they purchased the skimming equipment from Malaysia. One of the suspects apparently boasted that their crime was intellectually superior to using firearms and merely robbing victims. Some of the more sophisticated skimming devices recovered in November included those which incorporated Bluetooth transmitters. An apparent payment terminal compromise at a car park in New Zealand was reported in November with an indication that there were around 100,000 potential victims - cards were blocked and re-issued in many cases following the discovery. Other incidents of significant card re-issuing included activity by Lebanese banks in November. Co-operation between law-enforcement organizations in the US and Europe included raids executed by Romanian police and the seizure of equipment used in card fraud and, in particular, ATM skimming. Charges in the USA were made against suspects in last year's sophisticated data compromise at the major US processing centre, RBS WorldPay. December 2009 In Singapore, eight suspects from Romania were charged with the use of cards compromised in the UK. Suspects, also from Romania, were arrested in Australia in December. A British suspect faced charges in Australia following a large scale EFTPOS compromise. Bulgarian suspects were linked to ATM skimming incidents in New Zealand and France during December. Visual card data compromise was reported in Nigeria, where a suspect explained how he shoulder surfed both the card and PIN details. The above article is provided by DFR Risk Management, who provide consultancy services advising ATM and self-service terminal deployers, manufacturers as well as law- enforcement agencies on how to manage ATM and self-service terminal fraud and security threats. Contact us: contact@dfrRiskManagement.com
|
ATMsecurity.com is focused on ATM Fraud and ATM Security related issues, providing insight, intelligence and information via ATM security news, the ATM security knowledge centre, and ATM security articles.