|ATM Fraud and Security Digest - July 2009|
|Written by Douglas Russell|
|Saturday, 15 August 2009 11:26|
South Africa reported a reduction in ATM explosive attacks in July, attributed to successful intelligence-led policing. Reports of a bank fitting pepper spray to ATMs as a defence against both ATM bombings and ATM skimming attracted much media interest. Also in South Africa, a criminal linked to ATM bombings was sentenced to 74 years.
In Australia, there were at least two failed attempts to use explosive gas to blow up ATMs in July. In one incident, the perpetrator did not seem to know how to use a blowtorch correctly. The theft of a quantity of gas in July was feared to be a precursor to future explosive gas attacks.
A former disgraced police officer with explosives' expertise was arrested in The Philippines following a number of explosions targeting banks' ATMs.
An explosive attack was reported from Finland during the month of July.
Insider Fraud, Theft and Fraudulent Claims
Four suspects were charged with a series of fraudulent claims totalling $1m over five years in the USA. The group had made various claims that their cards must have been compromised. Investigations, however, identified the perpetrators as being responsible for the withdrawals.
Almost all of Euro 50k stolen from an Irish bank was recovered from a bank computer expert who had used his authorized access to manipulate credit ratings and overdraft limits of his girlfriend's accounts.
In the USA, a trusted bank employee stole cash (shorted) intended to replenish an ATM. The stolen cash was credited to the perpetrator's account and subsequently withdrawn.
In South Africa, an engineer working for a cellular phone network was accused of using his position to intercept One-Time Passwords (OTP) sent via SMS text message. In combination with phishing, the syndicate was able to compromise on-line banking accounts and withdraw funds at ATMs. Losses were estimated at R1.8m.
In Pakistan, a bank employee admitted using wireless spy cameras to obtain 1500 customer PINs.
An ATM supervisor of a security management company in India was arrested in connection to the theft of Rs 5 lakh from an ATM. He was identified from CCTV recordings as, although he had managed to disable one of the cameras, another's recording unit was inaccessible and thus remained operational.
Ram Raid Attacks / Theft of ATM
A reward was offered by a US bank following a ram raid attack (in OH) with a forklift truck which removed the ATM in under 90 seconds. Other ram raid and thefts of ATMs were reported throughout the USA in July, including incidents in CT, GA, TN, AR, FL, PA, NC AR, CA, TX, ND, MO and AZ. In one incident in TX, two suspects failed to remove the ATM with a chain and were arrested hiding in a large garbage bin. The chain had come loose. Another chain caused problem by breaking during an attack in MO. In OH, a failure in opening the crumpled hatchback of a Jeep after reversing into the building resulted in the failed theft of an ATM.
A guard in India was attacked and an ATM stolen. RS 6 lakh is the reported loss.
Successful and failed ram raids in Ireland prompted a special Garda (police) operation to be initiated in July. Diggers were the vehicles of choice.
Intelligence-led policing in the UK resulted in arrests when a criminal gang attempted to ram raid an ATM. Following other UK incidents, there were calls for construction-site operators to ensure their equipment is properly secured to prevent the equipment being stolen and used in ram raids.
15 armed men, dressed in SAGSD (police) uniforms, attacked and removed an ATM from a fuel station in The Philippines in July.
Tools were used in Australia to dislodge and steal an ATM from a restaurant in July.
Card Trapping / Card Theft / Distraction
July continued the upward trend in card trapping incidents, particularly in the UK. Lebanese Loop type traps, combined with spy cameras or shoulder surfing, were the main fraud methods. Victims often assume that the ATM has retained or ‘swallowed' their card and may be tempted to delay reporting the loss of the card which influences the magnitude of financial losses.
Two suspects were found guilty in Qatar for card theft. An Egyptian national and a Moroccan national were each sentenced to one year's imprisonment in July.
Distraction methods of card theft were reported in July. A suspect described as of ‘Eastern European' appearance is believed to be responsible for shoulder surfing and subsequent card theft in the UK. The modus operandi included the suspect using a map and seeking travel directions from the victim. The map also concealed the theft of the card from the victim.
Card swapping in Malaysia included one incident where low-value banknotes were dropped on the ground near the victim while they used the ATM. A combination of this distraction method and shoulder surfing allowed the suspect to obtain (and swap) the victim's card and PIN.
A disgraced magistrate was found guilty of card and PIN theft and was ordered to repay the victim for losses which the victim's bank had refused to reimburse. The victim's PIN was written on a piece of paper and stored along with the card in the victim's wallet when it was stolen.
Safe Cutting / Safe Breaking / Frontal Attacks
An arrest in the USA (MI) included recovery of an angle-grinder used to attack ATMs.
Cutting tools were used in Australia to remove the back from an ATM.
Two suspects were shot dead by police and a further three arrested in Indonesia.
ATM Skimming / Skimming
ATM skimming continued to account for most reported ATM fraud in July. In Ireland, European Arrest Warrants were issued for two suspects linked to losses of Euro 6.5m. The organized crime syndicate is linked to 35,000 transactions and 15,000 compromised cards. 24 arrests have already been made, including eight in Italy, two in the Netherlands, two in Belgium and 12 in Romania.
Two Bulgarian nationals were arrested in Tanzania in July following fraudulent spend with compromised cards totalling Sh70m.
In Canada a potential victim was held in a ‘bear hug' by suspected skimmers when his card got stuck in a skimming device which he had attempted to remove. Also in Canada, police issued a warning in July about honey traps combined with shoulder surfing, distraction and hand held skimming devices.
A Bulgarian-organized crime gang are understood to be behind continuing ATM skimming attacks in Australia. Separately, a Romanian national was sentenced to nine months prison in Australia for ATM skimming.
Two French/Algerian suspects were arrested in Cyprus. Fraudulent spend using cloned cards was estimated at Euro 9,000.
The helpful stranger method of card and PIN compromise continued to be used in July in South Africa. Also in South Africa, a female perpetrator of hand held skimming, arrested in June, was sentenced to 10 years in July. She is known as "the competition lady".
An investigation into fuel pump skimming in Sweden resulted in the arrest of two Hungarian suspects in Hungary. More than 200 incidents and losses of 1.5m Kronor are attributed. 108 cards seized during the arrests included cards compromised in Sweden. Fraudulent spend also included the USA, Trinidad and The Philippines.
Multiple ATM skimming incidents were again reported in the USA and the UK throughout July. USA incidents included reports from VA, CT, NY, CA, LA, MD, TX, NC and NV. Police in NV estimate that over the last 18 months, 75 skimming devices have been recovered including both fuel pump and ATM skimming devices.
A convicted criminal in the UK, originally from Romania, is currently serving the second year of a five-year prison sentence. In July, authorities took steps to recover £43k of losses. Attempts to refute the sum were impaired when a picture of his baby surrounded with bundles of cash was discovered. In a separate UK incident, an alert bank clerk reported a man and a woman acting suspiciously directly across the street from an ATM. When arrested by police, the female (a Romanian citizen) admitted a previous conviction for fraud. Also in the UK, an illegal immigrant from the Ukraine claimed he was forced to perpetrate ATM skimming in order to pay back people traffickers who transported him to the UK.
Deposit / Cheque Fraud (Check Fraud)
Transaction Reversal Fraud / Manipulation / Denomination Fraud
Transaction reversal fraud was detected in the UK during July.
Leaving Transaction Live Fraud
A career criminal of Chinese origin faced over 100 charges for targeting casino customers in the USA. The modus operandi includes leaving transaction live and shoulder surfing. It is understood the suspect already has 13 felony convictions and a criminal record running to many pages.
Vishing / Phishing / Smsishing / Advanced Fee / Funds Transfer Fraud
Phishing and related crimes were significant in July, particularly in Nigeria.
Two criminals in the USA were sentenced to 102 months and 51 months imprisonment for vishing related crimes which particularly targeted elderly citizens.
Vishing was also reported in Ireland and Malaysia during July. The modus operandi in Malaysia included a claim that the victim's account had an outstanding balance which required to be cleared. A recorded message suggested the victim pressed "1" for (fake) customer service.
Smsishing combined with funds transfer fraud continued in Thailand and Malaysia. An SMS text message sent to a victim in Malaysia encouraged the victim to call a customer service number and was then instructed to go to an ATM in order to ‘receive' a refund. The process tricks victims into initiating a transfer out of their accounts rather than any receipt of funds.
Two Taiwanese suspects were arrested in Thailand, and 187 compromised cards were recovered. The syndicate had set up a fake call centre to trick victims.
The above digest is provided by DFR Risk Management, who provide consultancy services advising ATM and self-service terminal deployers and manufacturers, as well as law-enforcement agencies, on how to manage ATM and self-service terminal fraud and security threats.
ATMsecurity.com is focused on ATM Fraud and ATM Security related issues, providing insight, intelligence and information via ATM security news, the ATM security knowledge centre, ATM monthly digest and ATM security articles.