Caution: ATM Scams
by Tara A. Spears
Thieves always work overtime during the holiday season, and this year they have target local ATM machines. Since many of the residents are retired expats with foreign bank accounts and regular monthly deposits, this group is a gold mine for would be thieves. To avoid having your account depleted, take the time to follow a few safety steps. The methods used by criminals to gain entry to your money accounts include hacking into bank databases, phishing scams and unsolicited emails, the breaching of retailer computer systems and card skimming devices placed on ATMs.
Skimming Defined: In general, skimming occurs when ID thieves secretly install special equipment in credit card readers either at the ATM, gas pump machine or any other card swiping device to capture the personal information on your card each time you swipe.
The reader makes two copies of your credit or debit card information: one to process the transaction and one to later download the information to the ID thieves. There’s sometimes a hidden camera to record your pin, as well. There have been instances, too, where your information gets transmitted wirelessly to thieves. On average ID thieves rake in $30,000 per skimming incident, according to ADT Security Solutions.
Closely study the following pictures of a safe machine and one that is tampered with:
Skimming typically involves the use of a hidden cameras (top) to record customers’ PINs, and phony keypads (right) placed over real keypads to record keystrokes.
According to the fraud department of the American Banking Association, there are currently four main types of electronic theft occurring worldwide:
Fraudsters make counterfeit ATM cards by using a skimmer, which is a card-swipe device that reads the information on a consumer’s ATM card. Scammers take a blank card and encode all the information from an ATM card when they swipe immediately after the machine’s last transaction. The skimmer catches the PIN (personal identification number) through a small camera mounted on the ATM. The consumer is unaware they’ve been scammed because the ATM card has not been stolen and still works at other machines.
The “Lebanese Loop” is another popular ATM scam. Scammers insert a portable steel loop into an ATM card slot. The scammer usually approaches the victim while at the machine, and poses as the person next in line. Victims are advised to enter their PINs three times and then hit cancel to get the machine to accept the cards. The scammer is able to memorize the PIN for future use and the machine keeps the card because of the excessive number of attempts to enter the correct PIN. Victims leave in frustration because they couldn’t get any money and they’ve lost their card. Once the loop is taken out of the ATM the scammer has the card and the PIN number for future transactions. This is a relatively new scam that many experts believe will be short-lived due to fast technology upgrades.
In some situations, criminal hackers are able to capture account information by using WiFI scanners and cracking programs to download transaction data when the systems fail to be protected by high-level encryption software. Thus far, those I talked to in the area who were scammed have been Mexican and American- I’ve read that Canadian banks have a better, safer encoding magnetic strip on their cards-perhaps it’s true.
Bandit machines. These ATM machines look like the real thing but are not owned/connected to an actual bank or financial institution. The criminals place them near legitimate machines, place an ‘out-of-order’ sign on the real machine which channels customers to the bogus machine. The bandit machine will not give you money, but is there to record your personal information for the thieves to be able to access your account.
Phishing scams and unsolicited emails
Phishing is probably the easiest method for criminals to get into your account and is a widespread fraud technique. Some of the scams are quite clever but they all rely on poor judgment by the recipient to be effective.
Never click a link in an email to go to your bank, credit union, financial investment institution, eBay account or anywhere else to log in if it’s related to your finances. Always go to these websites directly from your bookmark or by typing in the address yourself. If even that worries you then give the bank a call and ask them for information. Following this simple rule will protect you from getting “phished” by a criminal. Every time you delete- it’s even better to ‘spam’- an email requesting that you click a link to enter your credentials on a banking website foils a phishing scam.
Guidelines to avoid ATM fraud:
Keep a low monthly limit on your cards
Keep your PIN in a safe place and don’t tell it to anyone
Watch out you are not observed when entering your PIN
Don’t keep your PIN in your wallet
Don’t be distracted or helped by persons near ATM
After the completed transaction make sure the card you are holding is yours and has not been swapped
If many ATM machines are out of order in your local area, they might have been intentionally damaged to direct you to the single one who is working
Use Trusted ATM locations. Your bank’s indoor ATM is a safe bet, since it’s usually guarded with a security officer or camera. It’s much more difficult for ID thieves to compromise an indoor bank ATM than say, a random ATM on the street corner outside a convenient store.
If your card gets lost, stuck in an ATM machine or stolen cancel it and report to your bank or police as soon as possible
Check to see if anything has changed on your machine!
Learn to spot scams. Call the customer service number on the back of your card if you suspect a fraud attempt.
Shield the keypad and your card number from view when entering your PIN into an ATM. Some brazen thieves will use binoculars to steal account information and then create counterfeit cards. Ask questions if a store clerk swipes your card using two different machines; one of them could have been a card reader used to copy your account information.
If your card is denied, use another machine. Skimmers aren’t efficient and may need you to punch in your pin more than once in order to fully record your information. If you get asked more than once to submit your information, cancel the transaction and move to a different machine. If possible, notify a bank rep of the difficulty with the machine.
Check Your Card’s Activity Regularly. While we can’t always prevent ID theft, we can be proactive in limiting the damage. Check your card’s activity online daily to make sure the transactions are, in fact, legitimate. Notify any suspicious activity to your bank as soon as possible.
If you still think that skimming and card fraud is something that couldn’t happen to you, read these facts as reported in USA TODAY: Avivah Litan, fraud analyst at Gartner, a research firm, estimates that fraud involving debit cards, PINs and point-of-sale equipment has surged 400% over the past five years. One tactic, she says, has been “flash attacks”: Using the stolen information, gangs create thousands of counterfeit debit cards and then dispatch cronies to at least 100 ATM machines in several cities at once. Each withdraws a small dollar amount from several accounts to avoid fraud-detection software, adding up to tens of thousands of dollars in losses.
Until recently, skimming equipment was relatively crude and clunky, attached to card-readers with double-stick foam tape and relying on small cameras to record hands punching in PINs. Newer devices include equipment that fits inside card readers, pinhead-sized cameras and well-crafted attachments that sit snugly on top of ATM card readers and PIN pads, looking just like the real equipment. Bluetooth technology allows the fake card reader and PIN pad to talk to each other, and data drives or wireless technology can make downloading of stolen information quick and easy.
Fraud criminals also are targeting bigger players: Whereas most of the fraud in previous years took place at independent ATMs or at retail points of sale, fraud at bank-owned ATMs made up more than 80% of the breaches in the first six months of this year, says Fair Isaac, which provides fraud-detection software. “If it’s done correctly you would not notice that anything looks amiss,” Krebs says. In a traditional skimming scam, thieves place a card-skimming device into the card insertion slot. The skimmer can steal account information stored on the magnetic strip on back of the card when it is dipped into the machine. The new twist? Clear plastic overlays also are placed on top of the PIN pad to capture personal identification numbers. Also, some skimmers can text the stolen bank account information and PINs directly to the scammer so that person never has to return to the scene of the crime. I was horrified to learn that scammers don’t have to be in the area to hack- they can be sitting anywhere in the world!
By being aware of the potential fraud, you can take precautionary steps to prevent becoming an electronic victim.