| ATM Fraud and Security Digest - August 2009 |
| Written by Douglas Russell, DFR Risk Management |
| Thursday, 24 September 2009 13:47 |
| Transaction Reversal Fraud / Manipulation / Denomination Fraud A person suspected of being involved with transaction reversal fraud (TRF) perpetrated in Trinidad & Tobago was shot dead on her way to court in August. The Venezuelan national who had previously pleaded not guilty was on her way to the same court that sentenced another Venezuelan national to three years hard labour for ATM fraud known as ATM transaction reversal fraud. Transaction reversal fraud was also detected in the UK in August. Vishing / Phishing / Smsishing / Advanced Fee / Funds Transfer Fraud Seven arrests were made in Saudi Arabia during August for ATM funds transfer fraud. The modus operandi involved the perpetrators pretending to be calling from the customer service department. The victims were instructed to go to an ATM in order to update their accounts but were tricked into transferring funds. Consumers in Thailand continued to be targeted with vishing and ATM funds transfer fraud in August. The perpetrators instructed their victims to pay ‘outstanding fines and charges' via ATM funds transfers. Card Trapping / Card Theft / Distraction Lebanese Loop card traps combined with fake consumer advice notices were prevalent in the USA during August. In particular, CA and WA detected incidents. The fake consumer advice notices instructed consumers to enter their PIN three times should any technical fault occur at the ATM. With three chances, shoulder surfing of the PIN is more likely to succeed. Other incidents of card trapping were reported globally including various incidents in the UK and in The Caribbean during August. Distraction fraud continued in August. In Malaysia the technique involved the perpetrator dropping some money on the ground to distract the victim. ATM Skimming / Skimming Incidents of ATM skimming were reported on a daily basis during August. In Jordan, 15 arrests were made. Various arrests were also made in Canada and elsewhere. In one Canadian incident, police investigating a break-in to a hired car uncovered evidence of card skimming. In the USA many ATM skimming incidents were detected including in the following locations: SC, NY, VA, TX, WA, IL, TN and FL. A perpetrator in WA was sentenced to four years prison and ordered to pay back $250k to the bank which had been defrauded. The ATM Industry Association (ATMIA) published "Best Practices for Preventing ATM Skimming - International minimum security guidelines and best practices" in August which includes, in addition to other useful information, an international classification system for ATM skimming and PIN compromise. The classification system was created by DFR Risk Management. Explosive Attacks Australia continued to experience explosive attacks including explosive gas attacks as well as non-gas explosive attacks during August. A significant number of arrests were made. Although, many incidents failed to obtain cash from the ATMs targeted, the collateral damage was often considerable. Safe Cutting / Safe Breaking / Frontal Attacks / Theft from ATM A variety of cutting and other tools were used to attempt entry to ATM security enclosures in August. In PA (USA) the use of power saws and crowbars failed. Drilling attacks were noted in Canada and cutting attacks were reported in the UK during August. In WA (USA) hydraulic tools were used to successfully open an ATM safe (security enclosure) in less than one minute. A security guard in India was arrested following theft from an ATM using genuine keys to open the security enclosure. Ram Raid Attacks / Theft of ATM / Smash-and-Grab Ram raid attacks were the most prevalent type of physical ATM attacks in August. Not every attack was successful and many failed due to the chain or strap being used breaking (UK, NM -USA). In TX (USA) arrests were made following a series of smash-and-grab incidents. Bulldozers and trucks were used in FL and TX (USA). In TN (USA) although the ATM was successfully removed using a vehicle and chain, the perpetrator was unable to gain access to the cash. A backhoe was used in Canada to gain entry to the building but failed to actually open the ATM security enclosure. In the UK a flatbed lorry and a 4x4 vehicle failed to dislodge an ATM. A UTE was used in Australia to successfully remove an ATM. In Ireland, a digger was used to gain access to a building but unfortunately (for the perpetrators) there was no ATM to steal. |
