Attacks against Consumers

Personal attacks against consumers using ATMs are global phenomena although perhaps not as common as some reports would suggest. During December, incidents ranged from short-term ‘express’ kidnappings to muggings. The ATM crime situation in Costa Rica has forced many banks to close down their ATM network of machines between 10pm and 5am in an effort to reduce crime levels. 

Vishing / Phishing

A variant of phishing which rather than using an e-mail or website to trick consumers into divulging card and PIN details uses automated telephone calls was prevalent in the USA during December. The pre-recorded message advises receivers that their ATM card has been suspended and provides instructions on how to reactivate it. Technologies, such as Voice-over-IP makes tracing the originator of the calls difficult for law enforcement.

Insider Theft

Police in India have arrested a group including an employee of the bank following the theft of cash from an ATM. Although there was evidence of an apparent physical attack using a gas stove, the ATM security enclosure was not breached and the use of the correct combination unlock code was deemed more likely.

Ram Raid Attacks

Forklifts, front-end loaders, backhoes, 4x4s and trucks were used during December in various ram raid attacks. Reports from Chile, USA and Ireland again demonstrates that the impact of such attacks if often more to do with structural damage than the amount of cash actually stolen. Perseverance was evident in one of the US ram raid attacks when two out of the three suspects who failed to remove the ATM the night before returned on the second night. While they finally succeeded in removing the ATM they were swiftly arrested after police received help from members of the public.

Skimming

December continued the upward trend in skimming attacks globally. In New Zealand, recent skimming incidents are reported to have been successful against ATMs that had been upgraded with anti-skimming features.  The December skimming attacks in New Zealand come at the time that two Romanian nationals were deported after serving a partial prison sentence following similar frauds in April.

In Scotland, many motorists had their cards and PINs compromised following manipulation of Chip and PIN terminals and ATMs at petrol stations. It is understood that a significant time lapse existed between the compromise activity and the subsequent fraudulent spend.

Statistics released in December by the Australian Payments Clearing Association (APCA) shows that for the previous twelve months ending June 30th, 2008 Card Not Present (CNP) fraud accounted for 48% of fraud on Australian issued cards. Counterfeit / skimming followed at 32% for credit / charge cards and 40% for debit cards.

Observant Irish police (Gardai) arrested a suspect attempting to film consumers entering their PIN numbers using a hand held camcorder. Inspection of the ATM identified that a skimming device was attached to the card entry slot.

Dubai (UAE) police arrested suspects in December over what is estimated as a $60 million card fraud scheme targeting almost 17,000 cards. Although unlikely to be directly related to the previous reports of a large scale data compromise it never the less is a blow against organized crime operating in the area.

Explosive Attacks

December continued with a significant number of explosive gas attacks in Australia. Police in Queensland arrested a couple from New South Wales following an explosive attack in Brisbane. A combined New South Wales, Queensland and Victorian police investigation continues.

Other explosive incidents in South Africa appeared to reduce in December.