What is ATM fraud: types and cases of ATM scam2022-04-26
Everything you need to know about ATM fraud
Over the past few decades, ATMs have become commonplace, not only in bank branches, but also in shopping malls, on the streets, and at gas stations. ATMs are improving with new functionality and technology. However, as technology advances, so do the methods of ATM fraud.
In this article, we’ll talk about what ATM fraud is. You will learn about known cases of such scams and types of ATM fraud.
What is ATM fraud
ATM fraud is financial scams through these terminals. Just like any other hardware and software device, ATMs have vulnerabilities. To understand why ATMs attracts fraudsters, we should examine the components of an ATM machine. Any ATM has a computer and a safe. Breaking into the peripherals of the safe is often done with common lock picks.
As a rule, ATMs operate under Windows. If the operating system becomes obsolete, it needs to be updated. Malware can be introduced via a portable device. Today there are 20 known strains of different ATM malware.
Hacking into an ATM computer often allows criminals to give the device the command to dispense cash without using the users’ card details.
Important: Many ATMs are characterized by weak firewall protection (the screen between the global Internet and an organization’s local computer network). Such devices are more likely to be exposed to network attacks.
ATM scam can provoke a lack of hard drive encryption and protection from users who have access to the Windows interface.
Types of ATM fraud
Many users think that physical machine robbery is the worst thing that can happen to an ATM. In recent years, however, ATM fraud has become even more diverse than before. Often, today’s attackers don’t have to be present when a machine attack occurs, ATM crimes are committed through a variety of techniques and types of fraud. Below we will tell about several types of ATM scams.
Shimming is one of the most dangerous types of plastic card fraud. A shimmer is a thin board discreetly inserted into a card reader with a card carrier. As a result, the card is attached to contacts that read data from the magnetic stripe, without interfering with the normal bank card service. In this way, the fraudster gets all the information he needs and can empty someone else’s bank accounts.
Unlike relatively cumbersome skimming devices, shimmers are virtually invisible. Card shimming is used by fraudsters to steal users’ personal data and perform illegal banking transactions.
Important: To avoid shimming, you should carefully check card reader slots. Have you noticed gaps or seams in the plastic? In this case, it is better to refuse to use a particular ATM.
Among the necessary measures that operators use to prevent shimming are regular, thorough inspections of the machine, tracking bank transactions, and monitoring and checking the vicinity of the card slot. Customers should be issued keys and codes to ensure maximum security of banking transactions. To avoid shimming, modern banks regularly update ATM hardware and software.
Skimming is a popular type of fraud. In this case, a hidden device is installed in an ATM, which gives the opportunity to read the information from payment cards during the ATM transaction. As a result, criminals create a card duplicate with a PIN code written on a magnetic strip. The card duplicate allows the criminals to make payments at various points of sale.
If the card slot is sticking out, it may indicate the presence of an ATM skimmer.
Skimmers are miniature devices attached to the main parts of the ATM.
Skimming equipment often contains:
- a magnetic head for data reading and copying;
- miniature converter;
- a storage device for writing the code to the storage medium;
- video camera;
- a keyboard, which is usually installed over the original keypad to transmit the entered information to the intruders.
To avoid becoming a victim of skimming, you should use ATMs located in banks and secure institutions. It is best to have a card with a chip, regularly check the data of payments in banking applications, and if the card is missing, immediately call the bank to block it. In addition, many ATM users prefer to connect an SMS-informing service about card transactions, as well as to set the limit for disbursement of funds per day and per transaction.
Card trap is the placement of a device in an ATM card reader that prevents the cardholder from receiving the card after the machine transaction. The fraudster usually obtains the PIN number by means of a hidden video camera embedded inside a panel on the ATM. If the customer leaves without retrieving the card, the fraudster removes the payment instrument and then uses someone else’s card to make payments or withdraw cash.
If the bank card is forced into the card reader, it is likely that card trapping is taking place. To protect against such fraud, do not move away from the ATM if the card is left in the slot. The first step is to call the bank and report the fraud incident.
Jamming of keyboard
In this case, the fraudsters block important buttons on the ATM keypad (Cancel, Enter, etc.) to prevent the transaction from succeeding. Then, when the necessary data is entered, the criminal uses the ATM to withdraw cash.
You should not go near the jammed ATM and use another ATM, because a skimming device may be installed on it. Quite often criminals disable other ATMs beforehand, in order to attract users to the one on which the skimming device is installed.
Literally, phishing means stealing card details from the cardholder. This type of scam involves stealing passwords, credit card numbers, bank accounts, and other sensitive information. Cybercriminals use personal information to gain access to accounts to which bank cards are linked, allowing them to steal money from their accounts.
Quite often, fraudsters send emails on behalf of government agencies or well-known companies to steal personal data. The purpose of such emails is to make recipients follow the link provided in the email to a fake company website and enter their personal data.
With this method user receive SMS-message suspicious content. The purpose of such a message is to make a person tell the fraudster the card details. The message may contain information about blocking the card. To unblock it, the fraudster may ask for detailed card details. Another way is to send a life-threatening message to a relative or friend of the cardholder. In this case the fraudster can get both money and card data.
To protect yourself from SMS fraud you should not reply to suspicious messages. If fraudsters say that the card is blocked, it is best to call the bank’s official hotline number.
How to prevent ATM fraud
Nowadays, ATMs are sophisticated computer systems that allow the use of various bank services. At the same time, fraudsters use more and more new methods to steal confidential information and money from bank cards. Here are a few tips to help avoid ATM scams.
- Choose ATMs that are well-lit and equipped with surveillance cameras. Avoid abandoned ATMs and terminals that have been vandalized.
- Before using a machine, inspect it, paying special attention to the presence of peripheral devices. Pull the card reader to make sure there are no additional devices. If you notice a suspicious device, you should not remove it yourself. It is best to call the bank. If you have already used the ATM, and only after that suspect something, go to a safe place, report the incident to the bank and block the card.
- When entering the PIN-code, cover the keyboard regardless of the queue near the ATM.
- If you notice a suspicious person near the machine, do not confront him/her. If the behavior of the person caused concern, contact the police.
- After withdrawing money from the ATM, you should quickly and discreetly remove the card, cash, and receipt.
- If you see that the person has forgotten to remove the card from the ATM, do not remove it yourself, as the scammer may later try to accuse you of theft.
Important: Do not under any circumstances disclose your card expiration date, bank message codes, PIN code, or CVV and CVC code to anyone. Use complex passwords and two-factor authentication, set a secure password in the banking application. Do not click on links from email, social networks and SMS if you are not sure about the credibility of the sender or if the message seems strange to you.
ATM fraud cases
Skimming, which involves reading and copying information from a magnetic chip, is one of the most popular types of bank card fraud.
Below are a few cases of skimming in different countries.
- In October 2017, the Jordanian man was convicted in the United States of several years of skimming. Driving around Southern California cities, he placed magnetic stripe readers on ATMs and installed hidden video cameras within sight of ATMs. Over three years, the attacker stole financial information from more than 13,000 clients of Wells Fargo and other American banks.
- Quite often skimming is done by criminals from other countries. For example, at the end of 2017, Indian police detained two groups of Romanian citizens, who were paying attention not to studying the sights, but to installing skimming devices. As a result, more than 1,000 people lost about 6.6 million rupees.
- On January 10, 2018, FIA officers caught Chinese nationals attempting to install a skimming device and gain unauthorized access to the Pakistani ATM’s information system.
- In 2018, it became known about skimming at the gas station in the U.S. city of Des Moines. Two criminals were charged with identity theft, identity fraud, and credit card fraud.
- In May 2019, Brazilian nationals who installed hidden skimming devices and obscura cameras on Eastern Bank ATMs were sentenced in federal court in Boston.
- In 2021, two men were sentenced to 75 months in federal prison for ATM skimming fraud that resulted in $587,529.50 in losses to U.S. financial institutions.
- Faridabad County police arrested two men in 2021 for installing the skimming device and duplicate keypad at more than 30 ATMs in various Indian cities.
- In 2021, criminals who installed skimming devices at pumps at gas stations throughout the Mid-Atlantic region were brought before a U.S. court.
According to an EAST report, the number of attacks involving explosive devices at ATMs decreased in 2021 in Europe. Attacks involving ATM burglaries dropped 42%, while malware and logical attacks on ATMs dropped 74%. Most of the attacks were carried out using the black box method, which involves disconnecting the external casing of an ATM to gain access to its ports.
In 2022, fraud is often perpetrated by initiating payments or withdrawals from victims’ accounts.
Gross card fraud losses are expected to exceed $49 billion by 2030.
As of 2022, there are more than 2.2 million ATMs worldwide. Because of their proliferation, people use ATMs without much thought. These days, however, ATM fraud protection means more than closing the keypad when entering a PIN.
Many fraudsters hack into and break into ATMs to steal card and account information from users. Knowing the PIN code, criminals use the cards to instantly withdraw cash from the account.
There are various methods an attacker can use to commit ATM fraud, but the action itself is about gaining access to a bank account and withdrawing funds from it.
Modern banks use specialized software to protect against ATM fraud. One such solution is ATMeye.iQ. This universal advanced ATM video surveillance software provides protection against vandalism, robbery and fraud. The solution is designed to monitor incidents and has dedicated sensors to identify any suspicious activity. The installation of comprehensive solutions helps to recognize misconduct and ensures absolute security of ATMs.
With all the attention on Internet fraud, it’s easy to forget that ATMs are still a target for money-hungry scammers. As financial services have grown, fraud has become an increasingly common problem.
Below you will find answers to several questions about ATM fraud.
How common is ATM fraud?
With the advent of new technologies, the methods of fraud are also improving. Approximately one in four bank cardholders is exposed to the risk of financial fraud. ATM fraud often involves stealing a card number or a user's personal identification number.
What information does a scammer need?
Fraudsters can find out a bank cardholder's PIN by peeking over his shoulder while the user enters his code near an ATM or electronic terminal. Apart from the PIN-code, the criminals often try to find out the card's expiration date, CVV and CVC-code.
How do I know if there is a skimmer in the ATM?
Try wiggling the card reader to see if it is loose, and look for traces of glue around the reader to detect a skimmer. A fake keypad can be evidenced by uneven buttons. Sometimes the skimmer is disguised so well that not even a bank employee can recognize it.
Can someone use my debit card without my PIN?
Fraudsters can use your debit card without the PIN, all they need is your card number. If you used your debit card for a stand-alone transaction (a transaction without a PIN code), the receipt will show the full card number.
Do banks refund scammed money?
Yes. The bank must return all money stolen from the user as a result of fraud and identity theft.