EMERGING CHALLENGES: AUTOMATED TELLER MACHINE (ATM) FRAUDS

Shreya Sharma, DRASInt Risk Alliance Private Limited


Introduction

An Automated Teller Machine (ATM) is an electronic banking outlet that allows customers to complete basic transactions without the aid of a branch representative or teller. ATMs are very convenient, allowing consumers to perform quick self-service transactions such as deposits, cash withdrawals, bill payments and transfers between accounts. With due advancements and digital developments, people nowadays are mostly dependent on ATM for their financial purposes. In the recent years, the use ATMs has developed all over India. There are many economical / financial expert evaluates on the growth of ATM usage, especially in urban areas. Now, in the urban areas, people who are living in a busy scheduled life, usually avoid the bank unless it is necessary. Let us discuss the useful nature and services provided by the ATM.


Quick Cash Withdrawal


Just as the name suggests and is well known to all, just insert your ATM Card into the machine, punch the confidential code and then the needed amount in numeric form and you get the cash in your hands. Also, ATM provides money with a 24 x 7 service. All you need is a bank account to get a debit card cum ATM Card issued to you.


Account Balance Inquiry


You can check your account balance at the ATM. Also, there is a facility to get a mini statement of your bank account. Although, nowadays smart phones provides a good service in terms of banking by easy transfers and providing bank account related information.


Deposit Cash/ Cheques


Now, there is no need to go the bank to deposit cash or cheques. ATMs provide a service to deposit cash and cheques easily. One can also request for a new cheque book through the ATM services.


ATM Frauds


Over the past two decades, consumers across the globe depend and trust the ATM to conveniently meet their banking needs. The banks had introduced ATMs approximately 25 years ago, since then the fraudsters are also trying to illegally tap into the system for meeting their ulterior motives. In recent years there has been a proliferation of ATM frauds across the globe. ATM Fraud is described as a fraudulent activity where the criminal uses the ATM Card of another person to withdraw money instantly from that account. Fraudsters nowadays have developed every other means to intercept both the data on the card’s magnetic strip as well as the user’s Personal Identification Number (PIN). Talking in terms of numbers, as early as in 2002 New York Times in one of its reports stated that more than 21,000 American bank accounts were skimmed by a single group engaged in acquiring ATM information illegally (Cybercrime - ATM fraud _ Britannica, n.d.). In August 2005, Gartner estimated that about 3 million US consumers were affected by ATM card fraud in the previous year, with annual losses of $ 2.75 billion (Debold, 2018).


Most, ATM frauds happen due to the negligence of customers in using the ATM (Dubey, n.d.). Many banks have not sufficiently educated the customers on the basic usage of cards, resulting in ignorant card holders either losing their cards in the machine, or in rare cases panic- stricken customers breaking the glass door to exit the ATM enclosure after a late night transactions. The number of ATM frauds in India is more through gullible clients disclosing their confidential PIN to others, rather than by sophisticated crimes like skimming. We all must have seen and came across a situation where customers provide their PIN to their known and trusted ones. Most ATM frauds in India, thus, happen due to this negligence resulting into a fraud. As the Indian ATM market is growing exponentially, this provides an opportunity to the fraudster to go for advanced techniques like dispenser trapping, spoofed email etc. Hence, ATM frauds and security have emerged as leading topics of interest among owners and operators of ATMs. Minimising losses, mitigating risks and maintaining consumer confidence in the ATM channel are logical priorities for banks and others who deploy ATMs.


Categorization of ATM Frauds


Let us discuss the various ways of ATM frauds which are popular by nature and generally practised by fraudsters (Issues, 2019).


Card Fraud


The most vulnerable component of ATM Fraud is the ATM Card which includes every necessary detail of the customer. Once compromised, the data it contains can lead to many other types of ATM Fraud. Customer’s PIN often obtained through casual observation, data from a magnetic strip can reproduce or clone ATM cards using inexpensive, commercially available equipment.


Operational Fraud


Typically, this type of fraud is perpetrated from within. Employers who are responsible for ATM management compromise the sensitive information to fraudsters. Or worse, even the employees with unfettered access to ATMs and related customer information can use that access to commit economic crimes that are difficult to detect.


Equipment Fraud


Another concern for operations of ATM Fraud is related to fake ATM Equipment. This ranges from add-on devices such as fake card readers or skimmers to subterfuges involving false fascia’s or even bogus ATMs. The first recorded instance of using fake ATMs dates way back to 1993, when a criminal gang known as the Buckland Boys installed a fake ATM at a shopping mall in Manchester city. Like most fake equipment it was not designed to steal money. Instead, the fake ATM appeared to customers as if it was not working, while stealing card data from everyone who attempted to use it.


Digital Fraud

Fast growing operating system has led to greater connectivity and inter-connectivity of ATMs. Vast network including ATMs, branch system, phone systems, ticketing systems and other infrastructure connected via the World Wide Web are susceptible digitally. Digital attackers include vandals who author viruses or worms intended to exploit the ATMs operating system, criminals and hackers attempting to violate the confidentiality, integrity or authenticity of transaction related data.


ATM Security


With the rise in technological advancements, operations and transactions for banks have now become easy. Banks offer customers with enhanced services by assisting them in net banking besides their ATM Services. With such enhanced services also come unfathomable security risks. Banks are focusing more on securing their customer’s interest from ATM Fraud. Customer awareness among people, a step towards prevention in ATM frauds like ATM card skimming, card jamming, card swapping, card theft, physical attack, ATM take-away, purse-snatching, shoulder surfing, vandalism and jackpotting is contributing immensely towards ATM security.


ATM Theft Techniques


To steal funds from a person’s account, thieves work to access both the victim’s card or card details, and their Personal Identification Number (PIN). The techniques that ATM thieves use to achieve these can be divided into ‘Person- centred’ and ‘Machine-centred’. Let us discuss these techniques in brief:


Person Centered Technique


Distraction Theft: This type of crime is usually performed by at least two people, although some distraction thieves work alone. This process usually involves one person distracting the victim, while the other helps themself to the victim's unattended belongings. Once the ATM User has entered their card details, the thief distracts them before they have removed their card. While the victim is distracted, the thief removes the card from the slot. Common distraction methods include drawing a victim’s attention to money on the floor, requesting local directions, using abrupt and loud word to distract the user, knocking into the victim or spilling food or drink on or near them (Sherrif, 2019).

Shoulder Surfing: It occurs when someone watches over your shoulder to nab valuable and confidential information such as your password, ATM PIN or credit card number, as you into an electronic device. When such snooped information is used for financial gain, the activity becomes identity theft (Symanovich, 2019). The modus operandi involved can be illustrated as the thief standing near the victim, observes them as they enter their PIN. Sometimes, thieves may also enter the PIN into their phone, pretending as though they are sending a text.

Remote Observation: In such technique, the thief might be looking from a nearby vantage point, such as a window, using a camera zoom or binoculars; the thief observes the victim’s entry on the ATM keyboard as they provide the PIN and later uses it for illegal purposes.




Pick- pocketing of User at ATM: An action related to stealing the card from the user. In such cases the thief removes the card from the packet or bag of the user as they leave the ATM.


Machine-centered Techniques


Pinhole Camera: In such technique, the thief mounts a pinhole camera directly onto the ATM so that it can record the PIN as it is entered. This video footage is transmitted to a nearby receiver enabling the PIN to be united later with the stolen card or card details.


Card Trapping: In this technique, the thief fits a device called a ‘Lebanese Loop’ within the card slot of the ATM. The device retains the card after the PIN has been entered. Whilst the victim enters the bank to report the problem the thief removes the device along with the victim’s card.

Card Skimming: ATM skimming is a theft of card information, where a small device, known as a skimmer, is used to steal the information during a legitimate ATM transaction. As the card is swiped at the machine, the skimmer device captures the information stored on the card's magnetic strip. Skimming devices are used by criminals to capture data from the magnetic strips on the back of ATM card. This device contains factory installed card reader, which when removed from the ATM, allows a skimmer to download and gain access to personal data belonging to everyone who is using the ATM machine. An inexpensive, commercially-available skimmer can capture and retain the information from more than 200 ATM card before being re-used. In some severe cases, the boldest of thieves have gone so far as to place signs on ATM instruction cardholders to ‘swipe here first’ before continuing with transactions. In 2018, several people in Kolkata have reported ATM Frauds in which almost 80 customers of leading public or private sector banks allegedly lost over Rs 20 lakh. After investigations, it was concluded that the fraudsters used the card skimming technique to clone cards to withdraw money illegally (ET, 2018).


Conclusion


Fraud attacks on ATM networks are a worldwide phenomenon. Nowadays common robbery includes stealing the money from ATM machine only. One such supporting case involves a 27 year old man from Haryana’s Mewat district, was wanted-in 33 cases of ATM robbery across India (PTI, 2019). According to the Reserve Bank of India data, Maharashtra informed the highest of ATM fraud cases in 2018-19, with 233 cases. Delhi stood on the second spot with 180 cases, followed by Tamil Nadu with 147 cases of ATM fraud. ATM frauds have evolved from beginning as skimmers to well-structured hacking now, ATM fraudster have changed their methodology. ATM vandalism is also becoming a growing phenomenon in India. In one of the case in Delhi, the goons pretended to be the bank official and removed the whole ATM machine from the ATM shop. The machine had almost Rs. 9 Lakh ( Times Now, 2019). In other case of vandalism in Delhi, the goons used the gas cutters to remove the cash box from the machine. It was reported that three ATMs were uprooted from South East Delhi in a span of just one week, with over Rs 36 lakh gone (Mahender Singh Manral, 2020). Preventive measures are enumerated but not limited to following:


General Preventive measures


There are some of the methods to minimize the risks associated with ATM fraud are given below:


Video Surveillance


It can probably become be the primary method used to increase awareness and deter fraud attempts at the ATM is the installation of closed-circuit television cameras mounted in plain view or near the ATM (mostly at the entrance). Alternatively, cameras can be easily integrated into the fascia of most ATM machines and improved security can be achieved by installing additional site cameras on and around the premises.


Remote Monitoring


Remote diagnostic services provide an automated means to monitor and manage ATM networks. Remote monitoring can communicate important messages that may indicate tempering with machine. Remote diagnostics, monitoring and management provides improved uptime and reduced risk. These services provide dispatch avoidance and enable a group of central support associates to control keyboard and mouse operations of ATMs directly from remote PCs.


Anti-Skimming Measures


There are variety of methods that may be employed to deter card skimming or can be used as anti-skimming solutions (Debold, 2018):


  • Jittering: It is a process that controls and varies the speed of movement of a card as it’s swiped through a card reader, making it difficult to read the card data by the external device.

  • Alert Systems: These systems monitor routine patterns of withdrawals and notify operators or banks in the event of suspicious activity.

  • Chip-based Cards: These are the card house data on microchips instead of magnetic chips, making data more difficult to steal and cards more difficult to reproduce.

  • Foreign-Object Detection: ATMs equipped with type of technology can alert owners, operators, or even in some case the law enforcement in the vent that skimming device is added on the fascia of an ATM.

Awareness and Consumer Education


Deterrence of potential fraud attempts can be achieved by a joint effort involving banks, the consumer and ATM manufacturers/service provider. Banks should stress the importance of awareness at the ATM to their customers and promote vigilance in reporting any irregularities in the appearance and operation of the ATM. Many customers use the same ATMs in their daily or weekly banking routines which make them vulnerable to fraudsters on prowl.


Branches at ATM Locations

  • Must ensure outlining basic safety precautions for using ATMs should be provided by the branches in the ATM enclosure.

  • ATMs should not be located at the corner of a building, as corners create a blind area. An ATM further from corner, preferably near the centre of the building, reduces the element of surprise by an assailant and increase effective reaction time by the user.

  • ATMs should have maximum natural surveillance and visibility from the surrounding areas; thereby increasing the potential for witnesses.

  • ATM location should be void of barriers blocking the line of sight of this ATM. e.g. shrubbery, decorative partitions, dividers, landscaping etc. to prevent would be assailant from hiding.

  • Installation of closed Circuit Television Cameras attached to a time lapse VCR system is a must.

At Bank Level


  • Banks should keep an eye on the cards in circulation-check the logo, uniformity of card number, date of enquiry, their shape and other parameters.

  • One way to find out if an ATM card is counterfeit is to try and peel off the magnetic strip and signature panel on its back. It does not peel off in genuine cards.

  • Banks can procure the anti-fraud software that keeps track of ATM users’ spending habits and flags unusual transactions

  • Banks should implement ATM programming enhancements like masking/ non-printing of card numbers.

  • Banks should educate the customers by advising them regularly of risks associated with using the ATM and how to avoid these risks.

  • Banks should conduct and document periodic security inspection at the ATM location, and make the pertinent information available to its clients.

  • Banks should educate bank personnel to be responsive and sensitive to customer concerns and to communicate them immediately to the responsible bank officer.

At Customer Level

  • At the earliest, after receiving the card and PIN, customer must change the PIN and destroy the PIN matter.

  • Customer must avoid the obvious when selecting a PIN-name, telephone number, date of birth, vehicle number.

  • Customer must memorize PIN. If he/she writes down PIN on paper then, do not keep it in purse or along with the ATM card.

  • Customer must always collect the cash within 30 seconds else the cash will go back into the ATM.

  • Do not count cash at the ATM, put cash, card and receipt and away immediately.

  • Customer must not lend his/her ATM card to anyone; treat it as if it were cash or a credit card.

  • Customer must not accept offers of assistance with the ATM from strangers, always ask the bank for help.

  • Customer should always make a record of ATM card, PIN numbers and telephone numbers for reporting lost or stolen cards and keep that list in a safe place.

  • Customer must not reveal PIN to anyone, including bank employees/representatives, the police, shop employees etc.

  • While using the ATM, customer must shield the ATM keyboard from anyone who may be standing just outside the enclosure, attempting to view PIN.


DRASInt Risk Alliance Private Limited aims to protect the assets. It continues to evolve, narrating each facet of the financial fraud. We provide better solutions and recommend approaches as a preventive measure of frauds. Our aim is to create awareness amongst masses to prevent them by falling prey to evolving methods of fraud.

DRASInt Risk Alliance Private Limited acts as your Consultative Investigative Unit (CIU) for Field Investigation Services and Surveillance. We specialize in investigations related to Arson, White Collar Crime, Financial Fraud and Malpractice, Corporate frauds and Forgery. We dedicate ourselves to Protective Intelligence, Industrial Counter Espionage, Industrial Surveys, Asset Verification, Accident Investigation Services and Fire Damage Investigation Services, Character Report, Background Verification, Identity Verification Services, Pre-Employment Check, Documentary Proofing, Bank Card Verification, Digital Forensics Services and Forensic Audit Services, Insurance Fraud investigation and Insurance Claim Verification. We also undertake to investigate Anti-Counterfeit Services, Infringement of Trade Mark, Trademark Verification and Pilferage of Good. As a private investigator we undertake Property Dispute and Asset Verification Investigations, investigations related to Matrimonial Discord, Extra Marital Affairs, and Spouse Fidelity and Pre Matrimonial Verification. Sourcing and provisioning of Security Manpower and Equipment, and to conduct Security, Investigation, Intelligence Awareness Training programs are some of our other specialties.

Book for free Consultation with our experts today.

Mobile Number:+918290439442, Email-forensic@drasintrisk.com


DRASINT RISK ALLIANCE PRIVATE LIMITED कॉपीराइट के उल्लंघन, साहित्यिक चोरी या प्रकाशन के अन्य उल्लंघनों के मुद्दों को बहुत गंभीरता से लेती है। हम अपने इंसट्रक्टर्स के अधिकारों की रक्षा करना चाहते हैं और हम हमेशा साहित्यिक चोरी के दावों की जांच करते हैं। प्रस्तुत पाठ की जाँच की जाती है। जहाँ पाठों में पाया जाता है कि उन्होंने किसी अन्य कार्य को करने की अनुमति दी है या बिना अनुमति के या अपर्याप्त स्वीकृति के साथ तृतीय-पक्ष कॉपीराइट सामग्री शामिल है, हम कार्रवाई करने का अधिकार सुरक्षित रखते है । प्रतियाँ बनाने का अधिकार डेटाबेस, या वितरकों को उपलब्ध है जो विभिन्न दर्शकों को पांडुलिपियों या पत्रिकाओं को प्रसारित करने में शामिल हो सकते हैं। DRASINT RISK ALLIANCE PRIVATE LIMITED प्रकाशित सामग्री का एकमात्र मालिक है।


REFERENCES


1. Abdullahi, I., Mishra, A., & Ahmad, B. (2010). Fraud Detection and Control on ATM Machines, an Algorithm for Combating Cash and Fund Transfer. International Journal of Physical Science, 5(january).

2. Cybercrime - ATM fraud _ Britannica. (n.d.).

3. Debold. (2018). Atm Fraud and Security. Europe.

4. Dubey, N. (n.d.). ATM card fraud_ Victim of ATM card fraud_ SBI to issue refunds to affected customers - The Economic Times.

5. ET. (2018). ATM fraud_ ATM Skimming_ Read this to save yourself from the new ATM fraud.

6. Issues, N. (2019). Types of ATM fraud.

7. Mahender Singh Manral. (2020). Delhi_ Over Rs 50 lakh gone, no arrest in daring ATM heists _ Cities News,The Indian Express.

8. Now, T. (2019). Delhi ATM robberies_ WATCH_ Robbers decamp with Rs 24 lakh after striking 3 ATMs in a night in Delhi; police remain clueless _ Crime News.

9. PTI. (2019). Man Wanted In 33 ATM Robberies Arrested In Delhi.

10. Sherrif, V. (2019). Beware of distraction thieves.

11. Symanovich, S. (2019). What Is Shoulder Surfing ? (pp. 1–6). pp. 1–6. Retrieved from https://www.lifelock.com/learn-identity-theft-resources-what-is-shoulder-surfing.html

12. Team, B. W. (2019). maharashtra-tops-in-atm-frauds-delhi-tamil-nadu-karnataka-follow-119072200187_1.


© 2020 by DRASInt Risk Alliance Private Limited | Corporate Risk Management

  • Facebook
  • LinkedIn
  • Twitter
0