|ATM Fraud & Security Digest - September 2010|
|Written by Douglas Russell|
|Saturday, 02 October 2010 09:53|
System Compromise /Transaction Reversal Fraud / Denomination Fraud
An Algerian born suspect pleaded guilty to transaction reversal fraud in the UK. In Sweden charges were brought against a suspect accused of exploiting a ‘technical fault' and withdrawing 1.6m kronor from an ATM. In the UK, a couple were ordered by the court to repay in full, the cash they withdrew (£61,000) after exploiting a faulty ATM.
Card Trapping / Distraction / Card Swapping / Leaving Transaction Live
India experienced incidents of leaving transaction live fraud. The modus operandi involved the suspect either pretending to need help or offering help in order to shoulder surf the PIN which was subsequently used to complete a fraudulent transaction. In a similar incident, in the USA, a suspect used binoculars to observe the victims PIN and identify those who did not conclude transactions by answering ‘no' when offered a further chained transaction. Card trapping incidents were prevalent in the UK. In India, they included a service engineer using chewing gum to trap cards. The ATMIA (ATM Industry Association) published best practices for preventing card trapping with contributions from DFR Risk Management, Diebold and NCR.
Card Cloning /ATM Skimming / Skimming / EFTPOS Compromise
Authorities in Jamaica charged suspects in ATM fraud under a new Cyber Crime Act which includes provision for the abuse of electronic means for completing transactions as well as misuse of computer systems and data. Canadian police arrested a suspect originally from Sri Lanka who was allegedly involved in what was described as sophisticated ATM skimming incidents. Equipment recovered from an ATM targeted included a miniature electronic skimming device and pin hole camera. Bank customers in Botswana were warned about fraud risks including ATM skimming. Arrests in the UK included seizure of ATM skimming equipment. In Australia, two Bulgarian suspects were sentenced for ATM skimming and for travelling with forged Czech passports. The Central Bank of Nigeria (CBN) criticised banks over the continuing increase of ATM fraud in the country.
Phishing / Vishing / Advanced Fee / Funds Transfer Fraud
Romanian DIICOT (police) arrested a suspect linked to US$ 3m spear phishing attacks which specifically targeted employees of an on-line auction site. In Thailand, an organized gang including suspects from Taiwan and China were arrested and linked to ATM funds transfer fraud, advanced fee fraud and vishing attacks.
Deposit Fraud / Fake Deposit / False Deposit / Cheque Fraud
An ATM in the USA helped identify a group involved in fraudulent cheque deposits. The ATM correctly identified the cheques as fake and captured video evidence of the suspects.
A significant number of arrests were made in September linked to on-line banking compromises using the Zeus virus (Trojan/malware). In particular arrests were coordinated by the UK PCeU (police) and the US FBI. Russian authorities issued a reduced sentence of six years (suspended) to a hacker linked to a large scale processor compromise in the US in return for supplying information assisting the lengthy investigation into the 2008 RBS WorldPay compromise.
In South Africa, SAPA (police) arrested eleven suspects and shot one suspect dead. The suspects are alleged to have links with ATM bombings and other serious crime.
Safe Cutting / Safe Breaking / Theft from ATM
In the USA a failed theft from an ATM caused at least $10,000 worth of damage. Cutting tools were used successfully in the US following the sabotage of the alarm system. Two suspects (a man and a woman) were arrested in the UK on suspicion of attempting to break into an ATM. Canadian police appealed to the public for information following a spate of thefts from ATMs.
Ram Raid Attacks / Theft of ATM / Smash-and-Grab
UK thieves succeeded in only causing minor damage to an ATM installed with superior anchoring. The failed theft of the ATM involved a rope and a four wheel drive vehicle. Other UK incidents included the use of a digger to remove an ATM. Thefts of ATMs in the USA, particularly from convenience stores, included the removal of one ATM within 1 minute and another in 18 seconds, even although it was bolted down. Failed attempts in the US were also reported in September with collateral damage often being significant. In one failed attempt, the ATM was removed but the suspects failed to lift it into their pickup truck. Other vehicles used in the US including forklift trucks. In India, thefts from ATMs included an incident with no apparent evidence of how the cash was removed from the ATM. In Canada, an unusual theft of an ATM from a ferry (boat) effectively failed as the thieves dropped the ATM into the ocean while attempting to load it into their getaway boat.
Quick Search Strings:
If your company supplies products, services and solutions relevant to ATM fraud and security, and you would like to explore the various advertising and marketing opportunities with ATMsecurity.com, please use the 'contact us form' to request further details:
The above digest is provided by DFR Risk Management, who provide consultancy services advising ATM and self-service terminal deployers and manufacturers, as well as law-enforcement agencies, on how to manage ATM and self-service terminal fraud and security threats.
ATMsecurity.com is focused on ATM Fraud and ATM Security related issues, providing insight, intelligence and information via ATM security news, the ATM security knowledge centre, and ATM security articles.