|ATM Fraud & Security Digest - July 2010|
|Written by Douglas Russell|
|Monday, 09 August 2010 15:40|
System Compromise /Transaction Reversal Fraud / Denomination Fraud
A researcher demonstrated two methods of ‘jackpotting' ATMs at the Black Hat Conference in Las Vegas, USA. In one attack, the ATM software (firmware) was manipulated with a remote connection. In the other attack, malware was introduced manually using a USB memory stick. In both attacks, the ATMs were manipulated to dispense cash. An Irish bank is planning to refund up to three million Euros to consumers who may have been debited without receiving their cash following a process change intended to reduce transaction reversal fraud.
ATM Skimming / Skimming / EFTPOS Compromise
In the USA, legislation making possession of a skimming device illegal, continued to be adopted by further States. Fuel pump skimming, including devices using Bluetooth transmitters in addition to ATM skimming, continued to be detected. Transparent keyboard overlays were also recovered in the USA. Police in Australia encouraged consumers to become familiar with, and avoid, the skimming technologies used to compromise cards. The police action was the result of further ATM skimming incidents attributed to Eastern European organized crime syndicates. In Canada, ATM skimming devices were recovered from ATMs. ATM skimming remained significant throughout Europe, including the UK. In New Zealand, two Canadian nationals admitted involvement in EFTPOS compromise. POS skimming was reported in Sweden.
In Malaysia, an attempt to blow open an ATM with explosives failed. In South Africa, ATM bombings continued, and in one incident a police officer was shot dead. In another incident, shoppers and staff were left traumatised following an early evening ATM bombing attack in a supermarket.
Card Trapping / Card Theft / Distraction / Card Swapping
Card trapping was prevalent in the UK. Also in the UK, distraction techniques included the perpetrator distracting the victim with an envelope. Advice was issued by the Zambian authorities following ATM fraud including incidents of suspected card trapping. South Africa reported incidents of card swapping. In India, a suspect was arrested after the theft of ATM cards and mobile phones. The PIN was obtained from a record in the mobile phone and used to withdraw money with the ATM cards.
Phishing / Vishing / Advanced Fee / Funds Transfer Fraud
ATM funds transfer fraud was detected in various countries. The most common technique was for the perpetrators to call victims by phone and pretend to be a family member or friend in trouble. Victims were persuaded to transfer funds into the perpetrators account. Phishing, smishing and vishing attacks often used the common theme of a card requiring reactivation. In Vietnam, almost 100 (foreign) suspects were arrested following large scale funds transfer and card cloning fraud.
Ram Raid Attacks / Theft of ATM / Smash-and-Grab
USA incidents of ram raids, also known as smash-and-grab attacks, were reported from a variety of locations including bank premises, convenience stores, restaurants and fuel stations. Equipment used included a variety of small and large vehicles, chains and tow ropes. In one USA case, the empty ATM was recovered directly opposite a police station. In India, CCTV helped police identify four persons (including three police officers) responsible for the theft of an ATM. The ATM was recovered, intact, from one of the suspects' homes.
Safe Cutting / Safe Breaking / Theft from ATM
Electric saws were used in the USA to breach ATM security enclosures. Police in the USA arrested a suspect who had attacked two ATMs with an axe. The suspect claimed he was under stress. It was not clear whether the motive was vandalism or a failed attempt to break into the ATMs. Alert police in India foiled an attempt by a suspect using screwdrivers in an attempt to access the cash within an ATM. Also in India, a cash-in-transit guard was distracted by low- value bank notes dropped in the street, and a bag of cash intended for an ATM was stolen when he left the van. In the UAE, police arrested six Afghan nationals attempting to break into an ATM. In the UK, a suspect was found guilty and sentenced for attempting to break into an ATM using a crowbar and screwdriver. Although covering one CCTV camera, the perpetrator had not noticed a second camera which recorded the crime.
Deposit Fraud / Fake Deposit / False Deposit / Cheque Fraud
In Malaysia, arrests were made following a number of deposits of counterfeit cash via cash deposit machines. A USA-based security company uncovered an attack against cheque image archives. The attack is believed to have originated in Russia.
Quick Search Strings:
If your company supplies products, services and solutions relevant to ATM fraud and security, and you would like to explore the various advertising and marketing opportunities with ATMsecurity.com, please use the 'contact us form' to request further details:
The above digest is provided by DFR Risk Management, who provide consultancy services advising ATM and self-service terminal deployers and manufacturers, as well as law-enforcement agencies, on how to manage ATM and self-service terminal fraud and security threats.
ATMsecurity.com is focused on ATM Fraud and ATM Security related issues, providing insight, intelligence and information via ATM security news, the ATM security knowledge centre, and ATM security articles.