Thursday, June 10, 2010

ATM FRAUD DISCOVERED!!

We have been hearing of  bank fraud and other kinds of high-tech fraud  but lets take an inner look into another kind of fraud which is ATM  fraud.This has been rampant in African countries though it has not been given much publicity.this was especially in west African states with Nigeria being on the top note.
Of late this machine has become a neccesity in our lives since we find it very hard to walk with hard cash.Like I have always said "where there is money you can never miss a scam  because people need to get money after all."
 As with any device containing objects of value, ATMs and the systems they depend on to function are the targets of fraud.There eare different forms of fraud inline with ATMs


The first known instance is of having a fake ATM machine. A fake ATM was installed at a shopping mall in Manchester, Connecticut in 1993. By modifying the inner workings of a Fujitsu model 7020 ATM, a criminal gang known as The Bucklands Boys were able to steal information from cards inserted into the machine by customers.They used this information to access the victims accouynts and syphoned big backs from them.In kenya one man was nabbed by the police after being alerted by a guard manning ATMs that he had been withdrawing a lot of money for a long time.The man was foun with 120 ATM cards belonging to different individual.

In another case , a bank fraud could occur at ATMs where the bank accidentally stocks the ATM with bills in the wrong denomination, therefore giving the customer more money than should be . The result of receiving too much money may be influenced on the card holder agreement in place between the customer and the bank.Taking acse like this one where in Virginia Beach of September 2006 a hacker who had probably obtained a factory-default admin password for a gas station's white label ATM caused the unit to assume it was loaded with $5 USD bills instead of $20s, enabling himself—and many subsequent customers—to walk away with four times the money they said they wanted to withdraw.

ATM behavior can change during what is called "stand-in" time, where the bank's cash dispensing network is unable to access databases that contain account information (possibly for database maintenance). In order to give customers access to cash, customers may be allowed to withdraw cash up to a certain amount that may be less than their usual daily withdrawal limit, but may still exceed the amount of available money in their account, which could result in fraud.

some scammers use the queue to hijack customers pin numbers.They satnd back to back  to make it easy for them to see the number then memorize it .
For a low-tech form of fraud, the easiest is to simply steal a customer's card. A later variant of this approach is to trap the card inside of the ATM's card reader with a device often referred to as a Lebanese loop. When the customer gets frustrated by not getting the card back and walks away from the machine, the criminal is able to remove the card and withdraw cash from the customer's account.

Another simple form of fraud involves attempting to get the customer's bank to issue a new card and stealing it from their mail.Some ATMs may put up warning messages to customers to not use them when it detects possible tamperingThe concept and various methods of copying the contents of an ATM card's magnetic stripe on to a duplicate card to access other people's financial information was well known in the hacking communities by late 1990
Back in the year 1996 Andrew Stone, a computer security consultant from Hampshire in the UK, was convicted of stealing more than £1 million (at the time equivalent to US$1.6 million) by pointing high definition video cameras at ATMs from a considerable distance, and by recording the card numbers, expiry dates, etc. from the embossed detail on the ATM cards along with video footage of the PINs being entered. After getting all the information from the videotapes, he was able to produce clone cards which not only allowed him to withdraw the full daily limit for each account, but also allowed him to sidestep withdrawal limits by using multiple copied cards. In court, it was shown that he could withdraw as much as £10,000 per hour by using this method. Stone was sentenced to five years and six months in prison.

By contrast, a newer high-tech method of operating sometimes called card skimming or card cloning involves the installation of a magnetic card reader over the real ATM's card slot and the use of a wireless surveillance camera or a modified digital camera to observe the user's PIN. Card data is then cloned onto a second card and the criminal attempts a standard cash withdrawal. The availability of low-cost commodity wireless cameras and card readers has made it a relatively simple form of fraud, with comparatively low risk to the scammers.

In an attempt to stop these practices, countermeasures against card cloning have been developed by the banking industry, in particular by the use of smart cards which cannot easily be copied or spoofed by unauthenticated devices, and by attempting to make the outside of their ATMs tamper evident. Older chip-card security systems include the French Carte Bleue, Visa Cash, Mondex, Blue from American Express and EMV '96 or EMV 3.11. The most actively developed form of smart card security in the industry today is known as EMV 2000 or EMV 4.x.

EMV is widely used in the UK (Chip and PIN) and other parts of Europe, tyhouigh the technology is yet to be embraced here in kenya ,but when it is not available in a specific area, ATMs must fallback to using the easy to copy magnetic stripe to perform transactions. This fallback behaviour can be exploited.However the fallback option has been removed by several UK banks, meaning if the chip is not read, the transaction will be declined.
From an FBI  report In February 2009, a group of criminals used counterfeit ATM cards to steal $9 million from 130 ATMs in 49 cities around the world all within a time period of 30 minutes.

Card cloning and skimming can be detected by the implementation of magnetic card reader heads and firmware that can read a signature embedded in all magnetic stripes during the card production process. This signature known as a "MagnePrint" or "BluPrint" can be used in conjunction with common two factor authentication schemes utilized in ATM, debit/retail point-of-sale and prepaid card applications.
Another ATM fraud issue is ATM card theft which includes credit card trapping and debit card trapping at ATMs. Originating in South America this type of ATM fraud has spread globally. Although somewhat replaced in terms of volume by ATM skimming incidents, a re-emergence of card trapping has been noticed in regions such as Europe where EMV Chip and PIN cards have increased in circulation.
This has been the security trend in the ATM fraud.but as technology takes its course, the scammesr make use of it to make easy kill.so better watchout!!.

No comments:

Post a Comment