ATM fraud & security consultancy and training services. DFR Risk Management, ATM security specialist consultancy services

Who's Online

We have 635 guests online
Home DFR Observations & Comment ATM Fraud and Security Digest - April 2009
ATM Fraud and Security Digest - April 2009 E-mail
Written by Douglas Russell   
Friday, 15 May 2009 15:53

Transaction Reversal Fraud / Manipulation

A joint ATM fraud operation between police and industry investigators in Trinidad & Tobago resulted in the arrest of three suspects perpetrating Transaction Reversal Fraud (TRF). An estimated $113,000 was obtained in one month. One of the Venezuelan suspects arrested is well known to industry investigators for perpetrating TRF in Europe, USA and elsewhere.

Transaction Reversal Fraud was also detected in the UK during April.

Cash Trapping

Cash Trapping in combination with receipt printer jamming was reported in the UK. With the receipt unable to be presented to the consumer, the victim may be unaware they have been debited for cash they did not receive.

Card Trapping / Card Theft / Distraction

In the USA (AR) incidents of card theft included pickpockets who targeted purses and then used ID and contact details taken along with the card to contact the victims by phone and trick them into confirming their PINs. Also in the USA (PA) an official working in a nursing home was charged with using a stolen card five hundred times and obtaining over $247, 000.

Street CCTV operators in the UK helped track and arrest a pickpocket gang originally from Bulgaria while they were making ATM withdrawals using compromised cards and PINs. Lebanese Loop card traps were detected in the UK during April, as were distraction techniques including one incident where the theft occurred within a bank branch. Distraction methods included waving an envelope in front of the victim and claiming that the ATM was not functioning correctly.

Lebanese Loop card traps were used in Australia during April.

Leaving Transaction Live

India experienced incidents of Leaving Transaction Live fraud during April. Victims were approached immediately after they had swiped their card and entered their PIN and advised that the ATM was not functioning. The perpetrator then completed the transaction and withdrew cash from the victims account.

In the USA leaving transaction live fraud was noted in CT and in NY. In both cases, the perpetrators took advantage of the fact that the consumer who had just used the ATM had failed to complete the transaction.

Deposit / Cheque Fraud

Incidents of withdrawing funds against fake cheques (checks) deposited at ATMs were reported in the USA during April.

ATM Skimming / Skimming / Card Cloning

ATM Skimming was the most common type of ATM fraud reported during April in most geographical areas.

In the USA, skimming incidents occurred in various states (IL, GA, NJ, GA, NV, FL, CA, SC, MD, and NY) and included ATM skimming as well as Fuel-pump skimming. In California (CA), maintenance engineers recovered a fuel-pump skimmer while investigating the reason for a malfunction. In Nevada, three ATM skimming devices and four hand held skimmers were recovered.

Various arrests were made in Canada including two following the swapping of a POS device with one modified to skim card details

Two Romanian nationals in New Zealand pleaded guilty to ATM skimming.

In Australia, multiple arrests were made including suspects from Romania and Bulgaria. Tightening of legislation was called for to make it a specific offence to manufacture or possess skimming equipment.

Multiple incidents of ATM and POS skimming occurred in the UK during April. In one incident a bogus engineer is understood to have tampered with a Chip and PIN machine at a fuel (petrol) station. Victims of the card and PIN compromise demonstrated their outrage by publishing an on-line protest on a Facebook web group, attracting in excess of 600 ‘members'. In a separate incident, also involving a fuel station, victims expressed outrage that the station was continuing to accept card transactions while the operators had been aware that the terminal may have been compromised. In a third incident involving a fuel station, an employee was caught by his manager and a spy camera, positioned above the ATM keyboard, was recovered. The manager had noticed a small hole in the ceiling tiles above the ATM. The employee (originally from Sri Lanka) was accused of a potential £4m plot although actual losses were estimated at £53,000. Two Romanian nationals were found guilty in April after being caught with a small blow-torch which was used to remove an anti-skimming feature from an ATM. Card cloners of Chinese origin were found guilty of a £3.5m card fraud (obtained within one week) which exploited a temporary laps of bank security protocols and were sentenced to a total of 18 years in prison during April.

An investigation in Greece into ATM fraud benefitted from bank and police cooperation leading to the arrest of Romanian and Bulgarian nationals suspected of ATM skimming.

In South Africa, shoulder surfing was used by a ‘helpful stranger' to observe PIN entry while a hand held skimmer was used to skim the card. Nearby ATMs had been sabotaged by jamming the card slots which caused victims to use the ATM targeted by the perpetrators.

ATM skimming devices and spy cameras were recovered in Vietnam during April.

In Botswana, a joint operation involving law enforcement from the UK, USA and Ghana disrupted a P1m scam using compromised cards to extort local tour operators.

Vishing / Phishing / Funds Transfer Fraud

Singapore and Malaysia experienced combined vishing and funds transfer fraud during April. The techniques included guiding the victim to set up and activate internet banking services using an ATM.

In the UK, the Dedicated Cheque and Plastic Crime Unit (DCPCU) which celebrated surpassing £315m of industry savings from their anti-crime operations, arrested two vishing suspects who had pretended to represent bank and credit card companies. The modus operandi was to telephone victims to check on possible fraudulent transactions on their accounts and trick the victims into divulging card and PIN details.

The Department of Trade and Industry in the Philippines issued a warning to consumers following numerous text message scams (smsishing) which often included a claim that the victim had been selected for a prize of some type.

Vishing combined with Funds Transfer Fraud was detected in China, Japan and South Korea during April, while Phishing was noted in Australia and Nigeria amongst many other countries.

Ram Raid Attacks / ATM Theft

Theft of ATMs in the USA were significant during April. States included NY, TX, NE, GA, AZ, CA, FL, WV, NC, and OR.  In a Nebraska incident the ATM was empty of cash when stolen. In Texas, an attack failed after the perpetrator inadvertently buried the ATM under the rubble generated during the ram raid. In New York a perpetrator was arrested after jumping into a river in an attempt to avoid capture - according to reports, when allowed to make a telephone call from the custody suite he was overheard to say "get all the cash out of my mattress". Front end loaders, back hoes and trucks with chains were the vehicles of choice in April.

In an ATM security attack in Russia, CCTV provided very clear images of a gang member who failed to wear a mask while sabotaging the camera (but not the recording equipment) at the beginning of the raid.

In Australia, an ATM taken from a public house was recovered from a creek, along with the van used to remove the ATM.

An ATM ram raid attempt in Chile failed in April.

A construction site digger was used in an attack in the UK during April. A pickup truck, a 4x4 vehicle and the ATM were later recovered.

Safe Cutting / Safe Breaking

In the USA, one incident resulted in two arrests following timely police response to a bank branch alarm activation. A cutting torch and other burglary tools were seized.

A cutting torch was also recovered in Canada and arrests made.

In India, three separate cutting attacks were reported during April.

Explosive Attacks

Explosive gas attacks continued in Australia during April. Following one incident, the perpetrators managed to escape capture due to the speed of their getaway car. In another incident, two ATMs located side-by-side were targeted. Two further attacks occurred within 24hrs of each other in Tasmania. In each case, damage to property was extensive.

One arrest was made in South Africa following an ATM bombing attack carried out by a team of eight perpetrators.


The above digest is provided by DFR Risk Management, who provide consultancy services advising ATM and self-service terminal deployers, manufacturers as well as law enforcement agencies on how to manage ATM and self-service terminal fraud and security threats.

Contact us:



ATMsecurity Feeds


Copyright © 2022 All Rights Reserved.
Sponsored by DFR Risk Management, specialist consultancy services in ATM security. is focused on ATM Fraud and ATM Security related issues, providing insight, intelligence and information via ATM security news, the ATM security knowledge centre, and ATM security articles.