Data Compromise

The scale of the US based RBS WorldPay data beach dominated the beginning of February with reports that around $9million was obtained fraudulently from ATMs in a short time window of 30 minutes. In addition to the significant financial and reputational impact of such an attack, reports of the sophistication and level of global coordination surprised many observers.

Law Enforcement made progress in the US based Heartland processor compromise with the first arrests made in February. Those arrested are understood to have been in possession of compromised cards but are not linked directly to the actual attack on the processor. Unlike the RBS WorldPay compromise, it is not thought that PINs were compromised during the data breach and subsequent fraudulent use of the compromised cards is therefore limited to purchases of goods and services rather than direct withdrawal of cash from ATMs.

Skimming

Police in Canada arrested a group thought to be behind a significant skimming operation. Along with high value luxury goods and re-encoded cards, equipment used to compromise cards and PINs at ATMs were recovered.

In Thailand, two female Romanian tourists with links to London, UK were arrested while using cloned cards at ATMs. A search of their hotel room uncovered 140 further cloned cards. The suspects claim they were asked to use the cards to withdraw the cash by a friend in the UK.

Various seizures and arrests were made in the UK during February covering ATM skimming attacks as well as compromised POS terminals. A father and daughter were found guilty of conspiracy and other charges which involved around 500 compromised cards and the seizure of ATM false fronts with skimmers and miniature cameras.

An apparent increase in US incidents was recorded during February. Incidents included charges made against two Bulgarian nationals in Atlanta. An ATM skimming incident in New York City netted criminals $40k. CCTV images of a suspect attaching a skimming device to an ATM in Florida were released.

In the Caribbean, St Kitts, Nevis, St Lucia and Antigua reported ATM skimming activity during February.

A survey carried out by Harris Interactive on behalf of Level Four Americas found that 24% of American consumers would be likely or very likely to consider switching primary financial institutions in the case of an ATM security compromise.

Vishing / Phishing / Funds Transfer Fraud

Taiwan’s Criminal Investigation Bureau arrested 40 suspects in a NT$20 million funds transfer fraud scheme. The perpetrators pretended to be customer service agents for a large telephone company and tricked their victims into transferring all the money in their accounts via an ATM to the perpetrators account for safe keeping.

A criminal inspired by media reports of a similar fraud in the Peoples Republic of China phoned telephone numbers at random and managed to convince one recipient that he was a friend and needed funds quickly to pay a fine. The victim was instructed to transfer funds using an ATM.

In Japan, police have placed photographs of suspects involved in ATM funds transfer fraud at ATM locations in Tokyo to encourage vigilance amongst consumers.

Indonesian police have warned consumers about a scam involving the discovery of an envelope with documents and high value cheques. The person finding the envelope is offered a reward via ATM funds transfer. The consumer however is tricked into transferring, rather than receiving funds.

The US continues to experience a high volume of phone and text based phishing (vishing and smsishing) fraud incidents. One common theme is that the receiver is required to provide banking information in order to re-active a suspected compromised account.

Ram Raid Attacks / ATM Theft

The Royal Canadian Mounted Police (RCMP) have appealed to the public for help following a significant number of ram raid incidents that occurred in North Okanagan, Canada since May 2008 and into 2009.

Various attacks continued in the US during February. In one incident in New York State, the perpetrators tried and failed to gain access to an ATM safe even after bringing an escalating choice of tools to the crime scene, including ultimately a mechanical backhoe.

In Jamaica, thieves used bolt cutters to remove an ATM after disabling the alarm system and blocking the CCTV camera with bubble gum.

Explosive Attacks

Police in Australia have made further arrests of suspects believed to be involved in ATM explosive attacks using explosive gas. Attacks and attempted attacks continued in February including at least one incident whereby one of the suspects is believed to have been injured by the explosion.

ATM bombings in South Africa continued in February. Police also announced the arrest of two significant ‘businessmen’ believed to have links to previous ATM explosive attacks.

Manipulation / Transaction Reversal Fraud

A suspect managed to manipulate an ATM at a casino in the US which caused the machine to dispense a significant number of notes.

In a separate incident, also in the US, the suspect was able to change the denomination of the ATM cassettes which resulted in $20 dollar bills being dispensed but debited as if each bill had a value of $1.

CCTV evidence was used to confront a 17 year old girl suspected of tricking an ATM out of $16,000. In total the ATM is suspected of being manipulated to a total loss of $60,000.

Card Trapping / Card Theft

Card trapping using Lebanese Loops continued to be detected in February, particularly in the UK.

In the US, a type of ‘honey trap’ was used by two women targeting men. The women would observe their target entering his PIN and then later, steel his card.

Leaving Transaction Live

The US has experienced a re-emergence of a less well known ATM fraud known as ‘leaving transaction live’. A team of criminals target victims immediately after they have swiped their card at an ATM and convince the victim that there is a fault with the ATM and that they should use another ATM nearby. While the victim uses the second ATM, a member of the gang shoulder surfs the PIN number and passes it to the gang member at the first ATM who executes a transaction.

False Deposit Fraud

Banks which allow immediate withdrawals against deposited cheques (checks) continued to be targeted in February, particularly in the US.

The above digest is provided by DFR Risk Management, who provide consultancy services advising ATM and self-service terminal deployers, manufacturers as well as law enforcement agencies on how to manage ATM and self-service terminal fraud and security threats.

Contact us: contact@dfrRiskManagement.com

www.dfrRiskManagement.com