Different methods of ATM card fraud

On Wednesday, India's largest bank, State Bank of India, said it had blocked close to 6 lakh debit cards following a malware-related security breach in a non-SBI ATM network. Several other banks, such as Axis Bank, HDFC Bank and ICICI Bank, too have admitted being hit by similar cyber attacks — forcing Indian banks to either replace or request users to change the security codes of as many as 3.2 million debit cards over the last two months.

ATM FRAUD

Keypad jamming:
The fraudster jams the 'Enter' and 'Cancel' buttons with glue or by inserting a pin or blade at the buttons' edge. A customer trying to press the 'Enter/OK' button after entering the PIN, does not succeed, and thinks the machine is not working. An attempt to 'Cancel' the transaction fails as well. In many cases, the customer leaves — and is quickly replaced at the machine by the fraudster. A transaction is active for around 30 seconds (20 seconds in some cases), and he is able to remove the glue or pin from the 'Enter' button to go ahead with the withdrawal. The loss to the cardholder is, however, limited by the ceiling on withdrawals, and the fact that only one transaction is possible without swiping the card again and re-entering the PIN. Commonsense advice: do not seek the help of a stranger to withdraw cash, and do not leave the ATM box until the transaction has been cancelled. Banks do not take responsibility for such a fraud, which they put down to negligence on the part of the cardholder.

Card swapping:

Sometimes, when a customer uses his debit card at a merchant establishment, the fraudster (who could be a fuel pump attendant or a restaurant waiter, etc.) will make a note of the PIN that is keyed in and, while returning the card, swap it with an identical dummy from a store of several cards he keeps. With both card and PIN, the fraudster can then withdraw cash until the cardholder is able to block the card. Banks advise customers to make sure their card is always in sight, to check if it is indeed theirs when an attendant hands it back, and to not ask him to punch in the PIN at the 'point of sale' terminal. In cases of card swapping fraud too, banks do not accept liability.

Skimming:

This kind of fraud is more sophisticated. A small skimming device is planted in the ATM's debit card slot, which is able to read the information on the card's magnetic tape. The information, once copied, can be reproduced on any card, which can be subsequently used to withdraw cash. The customer's PIN is captured by a small camera that the fraudster installs in the ATM kiosk. Banks generally take the liability for skimming frauds and make good the customer's loss. However, the customer must block the card after the first instance of misuse. — ENS

While using debit card:

* Never let anyone see you entering PIN
* Always wait for 'Welcome' screen to be displayed after completing transaction
* Ensure bank has your current mobile number so you get alerts for transactions
* Watch out for suspicious movements of people around the ATM or strangers trying to engage you in conversation
* Check if the card given to you by the merchant after completion of the transaction is yours
* Look if there are any visible extra devices attached to the ATM
* Inform the bank immediately in case your ATM/Debit card is lost or stolen, or if you notice a transaction you didn't do
* Check transaction alert SMSes and bank statements frequently

And do not:

* Write your PIN on the card; memorise it
* take help from strangers or hand your card to anyone else
* disclose your PIN to anyone, including bank employees and family members
* allow card to go out of your sight
* speak on the mobile while transacting; it distracts you

Comments