ATM Fraud and Security Digest - June 2009
Written by Douglas Russell   
Tuesday, 21 July 2009 19:51

Card Trapping / Card Theft / Distraction

Incidents of card trapping, mostly using Lebanese Loop type traps, increased significantly in June.

A large number of reports from the UK included one in which the modus operandi involved the suspect offering advice to the victim that re-entering their PIN would cause the card to be returned. Two Romanian nationals pleaded guilty to using Lebanese Loop card traps and miniature spy cameras in June. In a separate incident, also in the UK, a Romanian national was sentenced to 15 months detention for card trapping and the use of a spy camera to compromise PINs.

In Indonesia, card trapping, in combination with a fake consumer advice notice, was used to obtain cards and PINs. The fake advice sticker provided a telephone number to be used to report problems with the ATM. The perpetrator, pretending to be a help desk operator, tricked the victims into divulging their PINs.

In China, a suspect was arrested attempting to use a card that she had stolen from a consumer who had left their card at an ATM previously.

Distraction methods continue to be used to obtain cards at ATMs. Incidents in the UK included the perpetrator placing their hand over the ATM screen to distract the victim. Shoulder surfing was used to obtain the PIN.

Australian police arrested a third Romanian suspect who now joins her two associates in prison. The three suspects are accused of distraction theft of cards and shoulder surfing.

ATM Skimming / Skimming

ATM skimming continued to be the most widely reported ATM fraud throughout June.

ATM skimming in the Philippines prompted the Bankers Association of the Philippines (BAP) to advise consumers to take extra care to avoid becoming victims.

In the USA, ATM skimming incidents were detected in various locations, including WA, TN and MI. Fuel pump skimming was reported in CA.

Many incidents occurred throughout the UK during June. Two Romanian nationals were sentenced to two years detention for using ATM skimming equipment and cameras. Separately, a number of skimming devices were recovered. In one weekend attack, an estimated 500 victims had their cards skimmed. Additionally, incidents of Chip & PIN device compromise were suspected in the UK, including at a fuel station where over 200 consumers were believed to be victims.

In New Zealand, two Romanian nationals were sentenced to two years, three months detention to be followed by deportation.

South Africa detected an increase in ATM skimming attacks. In one incident the perpetrator pretended to be running a competition on behalf of a bank. Targeting elderly users, the perpetrator gained temporary possession of the victims’ cards and used a hand held skimming device to copy the magnetic stripe data. Shoulder surfing was used to obtain PINs.

Canadian authorities charged various suspected ATM skimming perpetrators in June, including four people charged with 79 offences. The investigation identified 20 locations as having been targeted, with losses conservatively estimated at $150,000. Cash, eight sets of assembled ATM skimming and PIN compromise devices, 70 partially completed devices and digital records of compromised card data were seized as part of the operation. Also in Canada, a suspect was arrested after a consumer reported a compromise device falling from an ATM.

In Greece, members of an international gang comprising Bulgarian, Greek, and Macedonian suspects were arrested for ATM skimming.

Police in Macedonia requested Interpol assistance to arrest two suspects from Bulgaria who are thought to have been responsible for fraudulent use of cards to withdraw Euro 53,000 from local banks.

Australian authorities have charged a criminal organization from Romania with obtaining AU$789,000 using ATM skimming equipment.

Deposit / Cheque Fraud (Check Fraud)

Various incidents of deposit fraud occurred during June. In FL (USA) arrests were made following an investigation into fake deposits at ATMs. The cards used had been ‘purchased’ from the genuine account holders and used to withdraw funds prior to the authenticity of the deposited cheque (check) being validated.

Transaction Reversal Fraud / Manipulation / Denomination Fraud

A Venezuelan national, currently serving a three-year sentence for transaction reversal fraud in Trinidad & Tobago, received an additional 18-month sentence (to run concurrently) after manipulating ATMs and stealing $14,000 over a two-day period.

Transaction reversal fraud was also detected in the UK during June. Both successful and failed attempts were reported. Cards used are often prepaid cards, but included some which had been cloned.

Insider Fraud & Theft

A sub-postmaster in the UK pleaded guilty to the theft of £40,000 from an ATM. He had attempted to forge the accounts and had claimed that the ATM must have dispensed more cash than it should have done. Audit procedures identified the theft and he pleaded guilty at a later stage.

In OH (USA), an employee exploited an auditing loophole to steal $13,000 by overstating how much cash an ATM had dispensed. The loophole has now been closed.

Vishing / Phishing / Smsishing / Advanced Fee / Funds Transfer Fraud

South Korean authorities issued new rules in June to address an increase in Phishing, Vishing and Funds Transfer Fraud. The rules reduce the limit on how much money may be transferred (often using ATMs) per day.

Phishing, Vishing and Smsishing also continued globally during June.

The Australian Tax Office (ATO) warned of Tax Refund Fraud linked to phishing e-mails. The phishing attacks often include a request for the card’s CV2 code and the PIN code to facilitate the refund.

Malware / System Compromise

Various discussions and debates continued in June, covering the previously reported incidents of ATM malware detected on certain ATMs in Ukraine, Russia and elsewhere.

In June, an unnamed ATM vendor succeeded in persuading a security conference not to demonstrate how an ATM can be ‘jackpotted’.

Ram Raid Attacks / Theft of ATM

While most attacks include the use of a heavy vehicle, often some form of construction equipment, attacks in FL (USA) involved the theft of ATMs from hotels using a hand truck (trolley). Police report that a common trick is for one of the gang members to distract the receptionist / front desk manager while the theft is perpetrated.

Ram raids continued to dominate physical attacks in June. Forklift Trucks, Backhoes and Pickup Trucks were popular in many locations in the USA and elsewhere including TX, SC, MN, GA, MO, CT, NC, MS, AL and NC. An ATM was recovered by a farmer after it was found in a field in PA. In NY, the removal of an ATM located outside a music venue was facilitated by partially loosening the bolts used to anchor the ATM. The incident in AL demonstrated that health and safety considerations are not high on the perpetrators' list of priorities, as the ATM (unsecured) fell from the truck being used to remove it.

Thieves in Australia also suffered humiliation when the ATM they had stolen fell out of their van as they attempted to reverse away from the scene.

In the UK, 10 members of a gang were sentenced after a two-and-a-half year investigation. A key member received six years detention for ATM attacks using a variety of methods including construction equipment such as JCBs. £110,000 of cash and £191,000 of damage were attributed to the attacks.

Construction diggers were also used in Ireland in June.

Incidents in the UK included the perpetrators smashing CCTV cameras after they had already been caught on recording equipment. A trail of red dye at the scene of the crime would indicate that perhaps the cash stolen may not have been as valuable as they had hoped.

Eight armed men in a van are suspected of being involved in the theft of an ATM from a fuel station in the Philippines. The ATM was later recovered.

In Malaysia, a suspect dressed as a Formula 1 driver abandoned an attempt to steal an ATM using a forklift truck after it got stuck in a glass panel. The alarm had also activated.

In Canada, three were charged following a number of ATM thefts. Straps put around the ATM and connected to a pickup truck were used in at least one incident.

Safe Cutting / Safe Breaking / Frontal Attacks

Police in the UK increased their efforts to address a number of frontal attacks. As part of Operation Alma, a number of technical defences were considered in June.

A safe cutting gang in the UK, estimated to have stolen £1m, mainly from ATMs at supermarkets, had £600,000 of assets seized under the ‘Proceeds of Crime Act’. In another spate of incidents, £400,000 of cash and property damage has been attributed to a gang of around 30 thieves who favour angle grinders and crowbars as tools.

In the USA, power tools and hand tools were recovered by Police following a stop on a suspicious vehicle in TX. In MI, a bank has offered a reward for information leading to arrest and conviction of perpetrators cutting ATM safes. An electric saw and pry bar were recovered by police in MD.

An incident in Jamaica during June resulted in the theft of J$3m from an ATM. There was no apparent sign of forced entry to the machine.

Explosive Attacks

A couple reappeared in court in Australia and are to face committal later this year. They are accused of using explosive gas to attack ATMs and the theft of AU$100,000. Also in Australia, a failed explosive gas attack occurred in June.

South Africa continued to experience ATM bombings in June.

Consumer Disputes / Consumer Relations

A number of consumer disputes were reported in June. In Nigeria, one report claimed that two out of every five ATM users had become a victim of some form of ATM fraud. Some observers even called for ATMs to be scrapped altogether.

Technology in Focus

The benefit of irrefutable transaction logging was demonstrated during a high profile court case in the UK during June. The bank involved won a significant fraud case over what is commonly known as ‘phantom withdrawals’. The card holder had disputed that they had made the transactions in question and claimed that their card must have been compromised. It is understood that transaction log files proved that the genuine card, and not a magnetic stripe clone, had been used to perform the transaction.


The above digest is provided by DFR Risk Management, who provide consultancy services advising ATM and self-service terminal deployers, manufacturers as well as law enforcement agencies on how to manage ATM and Self-Service terminal fraud and security threats.
