ATM Skimming / Skimming / Data Compromise

A large number of ATM fraud incidents, including ATM skimming, were reported in Indonesia during January, raising significant consumer confidence issues as well as some debate about the appropriate level of consumer education. Various ATM skimming devices were recovered globally in January, including within the USA which appears to be experiencing an increase in ATM skimming attacks. In an incident in Russia, fraudulent spend using compromised cards and PINs was reported to include the loss of 15m roubles. A Russian national was arrested in Kenya and charged with suspected fraudulent spend. Sentencing in January included eight Romanian nationals found guilty of fraudulent spend, who were sentenced to between six and nine years prison in Singapore. Police in Australia released photographs of suspects believed to be involved in on-going ATM skimming attacks.

Phishing / Vishing /Smsishing / Advanced Fee / Funds Transfer Fraud

Phishing by e-mail, phone and text message was reported globally in January. In the USA, smsishing (smishing) and vishing was of particular note, the common theme being that the victims' card required reactivation. Unauthorized mobile banking applications for the Android operating system were withdrawn by Google following concerns some might present a security risk. Telephone and ATM funds transfer fraud in Thailand was highlighted in January with authorities strengthening their multi-agency response. In Japan, incidents of ‘ore ore sagi' funds transfer fraud were reported to have reduced in 2009.

Legislation / Law

New York state (USA) implemented new laws in January which includes the specific offence of possession of a skimming device.

Card Trapping / Card Theft / Distraction / Card Swapping

Card Trapping was particularly prevalent in the UK during January

Ram Raid Attacks / Theft of ATM / Smash-and-Grab

In Ireland, an ATM was removed from a wall of a fuel station and the security enclosure burst open using a mini-digger. The ATM, however, was empty of cash and had been out of order for some time. Attacks also continued in Northern Ireland (UK) during January. In Portugal, a digger stolen from a nearby garden centre was used in a ram raid attack to remove an ATM. In the USA, cables and chains were used to pull ATMs from convenience stores and fuel (gas) stations as well as vehicles being used to smash open ATMs at the location. Local security guards prevented the theft of an ATM from a hotel in Australia. The suspects subsequently crashed their getaway vehicle during their escape and are likely to have suffered injury. In the UK, the impact that ram raids often have on a local community and local businesses was felt when a post-office was closed until further notice due to structural damage following the failed theft of an ATM.

Safe Cutting / Safe Breaking / Frontal Attacks / Theft from ATM

A January cutting attack in the UK was abandoned after the smoke generated by the cutting tools activated the fire alarm. In Canada, cash cassettes were stolen from an ATM in a well-lit bank lobby. In India, the noise generated from cutting tools alerted local residents, and the perpetrators abandoned their attempts to open the ATM's security enclosure. Also in India, cutting tools ignited the cash within an ATM during an attempted theft.

Explosive Attacks

In South Africa, a fuel station cashier was awakened by robbers executing an explosive attack. The robbers, who possessed at least one firearm, had to use a second explosive charge to gain access to the ATM's cash.

Technology in Focus

Advanced Cellular Tracking (ACT) is a powerful technology designed by Satcom Technology Ltd which, in addition to providing an early warning that an ATM is being stolen, also allows the ATM to be tracked when removed from the premises. Many ATM thefts, whether removed manually or by the heavy equipment used in Ram Raids, are often part of a series of incidents perpetrated by the same organized crime gangs. It is imperative to identify the location that the stolen ATMs are being taken and to thus capture and close down the criminals' operation at the earliest opportunity and before they can repeat their attacks. ACT allows law-enforcement to be directed quickly and accurately to the stolen ATMs location.

The above digest is provided by DFR Risk Management, who provide consultancy services advising ATM and self-service terminal deployers and manufacturers, as well as law-enforcement agencies, on how to manage ATM and self-service terminal fraud and security threats.

Contact us: contact@dfrRiskManagement.com

www.dfrRiskManagement.com