ATM Malware / Trojan / Data Compromise
ATMs in Russia were discovered to have been infected with sophisticated malware. The Trojan software was able to not only compromise card details but also the PIN. While some arrests were made, it is understood that the organisers behind the sophisticated attack have not yet been positively identified. While one specific ATM vendor’s machine was successfully targeted, intelligence reports received in March indicate attempts were made to infect other vendors ATMs.

ATM Skimming / Skimming
Three Romanian nationals were arrested by police in Malta suspected of using cloned cards to withdraw a significant amount of cash from ATMs on the island. In addition to enforcement operations, Maltese police launched a poster campaign in March to raise consumers’ awareness of ATM crime.

In Thailand, a Malaysian suspect was held by police, accused of ATM skimming along with others of unknown nationality. The suspect was also charged with attempting to bribe police officers. The police officers pretended to agree to the bribe and as a result some of the losses were recovered via funds transfer from Malaysia to Thai authorities. In another incident, a British national was sentenced by a Thai court to more than 18 years in prison for making withdrawals using cloned cards. The suspect had pleaded guilty to the offence.

Police in Dubai, UAE, released statistics in March which showed that there were 322 financial related crimes reported and more than 600 individuals charged in 2008. In the first two months of 2009, sixty two financial related crimes were reported and 103 persons charged. These statistics include the recovery of 500 cloned cards used to obtain cash from ATMs in February.

ATM skimming in the UK continued throughout March. Industry body, APACS ,reported that card fraud increased by 14% in 2008 to almost £610million. ATM specific fraud increased by 31% and accounted for £45.7million in losses reported in 2008.

ATM skimming in the USA continued to be reported during March with incidents noted in various states including PA, FL, NJ and CT.

Australia continued to experience a number of ATM skimming incidents during March. One incident alone is estimated to have resulted in AUD $ 500,000 of losses. Five suspects from Romania were arrested. In another incident a disguised, video-enabled, cell phone used to record PIN entry fell off of an ATM and was recovered.

Macedonian police arrested two Bulgarian nationals who were caught using cloned cards at ATMs to fraudulently withdraw funds.

Twelve suspects were arrested by Canadian police following possible point of sale (POS) / pin entry device (PED) compromises.

Vishing / Phishing / Funds Transfer Fraud
Police in Thailand arrested a group of four suspects for a tax refund fraud which utilised ATM funds transfer. One Thai and three Taiwanese nationals were accused of tricking victims into transferring more than Bt 2million. Victims were instructed to use only English language ATM menus which may have helped in the confusion of transferring rather than receiving funds. Overall, ATM fraud is estimated to have cost Bt 100million so far.

Advanced fee fraud (also known as 419 fraud) was reported in various countries during March. In some cases the victims were promised a significant amount of cash which they could withdraw from an ATM using a debit card supplied by the perpetrators. Prior to receiving the card, the victims were instructed to transfer funds to cover administration costs.

Text message phishing scams (also known as smsishing) continued in March, particularly in the US. Often the first fraudulent transaction was for a very low amount as the perpetrators tested the validity of the information obtained from the victim. In Malaysia, combined smsishing and funds transfer fraud was reported. Some victims were tricked into paying for an insurance policy that never existed.

Ram Raid Attacks / ATM Theft
Four suspects were arrested in March following the use of forklift trucks in ram raid attacks in the UK. In Northern Ireland, a four wheel drive vehicle was used to extract an ATM from a shop.

The USA experienced a multitude of ATM attacks in March, including ram raids and in one incident the theft of an ATM from a zoo’s gift shop (as opposed to the animal enclosure). In another incident, an ATM fitted with a GPS tracking device was recovered after being ripped out of the ground by a forklift truck from a branch location. Various other vehicles were used during March including a funeral hearse in one incident and a church van in another. Three brothers were arrested on suspicion of at least 25 ATM thefts; vehicles used included a forklift truck.

In Indonesia an ATM was stolen using a crowbar and a reinforced steel bar to remove it from its anchoring.

A car was used to drag out an ATM from a supermarket in Australia, but unknown to the thieves, the ATM was empty of cash.

In Greece, an ATM was pulled from a wall within a hospital.

Safe Cutting / Safe Breaking
A suspect in the US was arrested following an attempt to use a blowtorch to cut open an ATM. In another incident, a father and son are suspected of attempting to open an ATM safe using a crowbar.

A blowtorch was used to open an ATM safe in the UK.

Explosive Attacks
ATM explosive attacks continued in Australia prompting police to issue a warning that the perpetrators may end up facing a charge of murder should someone be fatally wounded. In Tasmania an attack failed to yield cash and in Canberra the perpetrators left behind tools before an explosion could take place. A husband and wife previously arrested appeared in court in March as did another person suspected of being involved in ATM explosive gas attacks.

A suspect involved in ATM bombings and other crimes was shot dead by police in South Africa in March.

Manipulation / Transaction Reversal Fraud
The UK experienced some transaction reversal fraud incidents during March.

Card Trapping / Card Theft / Distraction
Police in Pennsylvania, USA , released CCTV images in March of two suspects targeting elderly victims with card trapping fraud. The Lebanese loop style of trap was used to obtain the card and one of the suspects pretended to help the victims while observing their PIN being entered. Similar incidents were also reported in Washington during March.

Card trapping in the UK continued to increase in volume during March. Spy cameras were often used to record the PIN being entered.

Distraction techniques to facilitate card theft at ATMs were detected in Australia during March. After shoulder surfing the PIN entry, one of the perpetrators distracted the victims just prior to the ATM returning the card. A second perpetrator removed the card. A separate incident involved the perpetrators asking for directions and removing the victim’s card from her hand bag.

In South Africa, distraction techniques in combination with card swapping continued during March. In one incident, one of the perpetrators was dressed as a security guard.

Leaving Transaction Live
Various incidents of ‘leaving transaction live’ fraud were detected in the US during March. In one case arrests were made for a technique which exploits transaction chaining. The perpetrator completed an uncompleted transaction after the victim left the ATM.

Internal
Three employees of a company responsible for cash replenishment are suspected by police in India of ATM manipulation and cash theft. It was claimed that they avoided early detection by moving cash between different ATMs when audits were expected.

A bank teller in Ireland (Eire) was found guilty in March of compromising ATM cards and PINs using a hand held skimming device. More than 80 customer accounts were compromised.

The above digest is provided by DFR Risk Management, who provide consultancy services advising ATM and self-service terminal deployers, manufacturers as well as law enforcement agencies on how to manage ATM and self-service terminal fraud and security threats.

Contact us: contact@dfrRiskManagement.com

www.dfrRiskManagement.com