| ATM Fraud and Security Digest - July 2009 | | | | of paper and stored along with the card in the victim's |
| Explosive Attacks | | | | wallet when it was stolen. |
| South Africa reported a reduction in ATM explosive | | | | Safe Cutting / Safe Breaking / Frontal Attacks |
| attacks in July, attributed to successful intelligence-led | | | | A UK gang was jailed from between three to five |
| policing. Reports of a bank fitting pepper spray to | | | | years for attacks on ATMs utilizing angle |
| ATMs as a defence against both ATM | | | | grindersand crowbars. Cutting |
| bombings and ATM skimming attracted much media | | | | tools and drills were used in other UK attacks during |
| interest. Also in South Africa, a criminal linked to ATM | | | | July. |
| bombings was sentenced to 74 years. | | | | An arrest in the USA (MI) included recovery of an |
| In Australia, there were at least two failed attempts to | | | | angle-grinder used to attack ATMs. |
| use explosive gas to blow up ATMs in July. In one | | | | Cutting tools were used in Australia to remove the |
| incident, the perpetrator did not seem to know how to | | | | back from an ATM. |
| use a blowtorch correctly. The theft of a quantity of | | | | Two suspects were shot dead by police and a further |
| gas in July was feared to be a precursor to future | | | | three arrested in Indonesia. |
| explosive gas attacks. | | | | ATM Skimming / Skimming |
| A former disgraced police officer with explosives' | | | | ATM skimming continued to account for most |
| expertise was arrested in The Philippines following a | | | | reported ATM fraud in July. In Ireland, European Arrest |
| number of explosions targeting banks' ATMs. | | | | Warrants were issued for two suspects linked to |
| An explosive attack was reported from Finland during | | | | losses of Euro 6.5m. The organized crime syndicate is |
| the month of July. | | | | linked to 35,000 transactions and 15,000 compromised |
| Insider Fraud, Theft and Fraudulent Claims | | | | cards. 24 arrests have already been made, including |
| Four suspects were charged with a series of | | | | eight in Italy, two in the Netherlands, two in Belgium and |
| fraudulent claims totalling $1m over five years in the | | | | 12 in Romania. |
| USA. The group had made various claims that their | | | | Two Bulgarian nationals were arrested in Tanzania in |
| cards must have been compromised. Investigations, | | | | July following fraudulent spend with compromised |
| however, identified the perpetrators as being | | | | cards totalling Sh70m. |
| responsible for the withdrawals. | | | | In Canada a potential victim was held in a ‘bear |
| Almost all of Euro 50k stolen from an Irish bank was | | | | hug' by suspected skimmers when his card got stuck |
| recovered from a bank computer expert who had | | | | in a skimming device which he had attempted to |
| used his authorized access to manipulate credit ratings | | | | remove. Also in Canada, police issued a warning in July |
| and overdraft limits of his girlfriend's accounts. | | | | about honey traps combined with shoulder surfing, |
| In the USA, a trusted bank employee stole cash | | | | distraction and hand held skimming devices. |
| (shorted) intended to replenish an ATM. The stolen | | | | A Bulgarian-organized crime gang are understood to |
| cash was credited to the perpetrator's account and | | | | be behind continuing ATM skimming attacks in |
| subsequently withdrawn. | | | | Australia. Separately, a Romanian national was |
| In South Africa, an engineer working for a cellular | | | | sentenced to nine months prison in Australia for ATM |
| phone network was accused of using his position to | | | | skimming. |
| intercept One-Time Passwords (OTP) sent via SMS | | | | Two French/Algerian suspects were arrested in |
| text message. In combination with phishing, the | | | | Cyprus. Fraudulent spend using cloned cards was |
| syndicate was able to compromise on-line banking | | | | estimated at Euro 9,000. |
| accounts and withdraw funds at ATMs. Losses were | | | | The helpful stranger method of card and PIN |
| estimated at R1.8m. | | | | compromise continued to be used in July in South |
| In Pakistan, a bank employee admitted using | | | | Africa. Also in South Africa, a female perpetrator of |
| wireless spy cameras to obtain 1500 customer PINs. | | | | hand held skimming, arrested in June, was sentenced |
| An ATM supervisor of a security management | | | | to 10 years in July. She is known as "the competition |
| company in India was arrested in connection to the | | | | lady". |
| theft of Rs 5 lakh from an ATM. He was identified | | | | An investigation into fuel pump skimming in Sweden |
| from CCTV recordings as, although he had managed | | | | resulted in the arrest of two Hungarian suspects in |
| to disable one of the cameras, another's recording unit | | | | Hungary. More than 200 incidents and losses of 1.5m |
| was inaccessible and thus remained operational. | | | | Kronor are attributed. 108 cards seized during the |
| Ram Raid Attacks / Theft of ATM | | | | arrests included cards compromised in |
| A reward was offered by a US bank following a ram | | | | Sweden. Fraudulent spend also included the USA, |
| raid attack (in OH) with a forklift truck which | | | | Trinidad and The Philippines. |
| removed the ATM in under 90 seconds. Other ram | | | | Multiple ATM skimming incidents were again reported |
| raid and thefts of ATMswere reported throughout | | | | in the USA and the UK throughout July. USA |
| the USA in July, including incidents in CT, GA, TN, AR, | | | | incidents included reports from VA, CT, NY, CA, LA, |
| FL, PA, NC AR, CA, TX, ND, MO and AZ. In one | | | | MD, TX, NC and NV. Police in NV estimate that over |
| incident in TX, two suspects failed to remove the | | | | the last 18 months, 75 skimming deviceshave been |
| ATM with a chain and were arrested hiding in a | | | | recovered including both fuel pump and ATM skimming |
| large garbage bin. The chain had come loose. Another | | | | devices. |
| chain caused problem by breaking during an attack in | | | | A convicted criminal in the UK, originally from Romania, |
| MO. In OH, a failure in opening the crumpled hatchback | | | | is currently serving the second year of a five-year |
| of a Jeep after reversing into the building resulted in | | | | prison sentence. In July, authorities took steps to |
| the failed theft of an ATM. | | | | recover £43k of losses. Attempts to refute the sum |
| A guard in India was attacked and an ATM stolen. RS | | | | were impaired when a picture of his baby surrounded |
| 6 lakh is the reported loss. | | | | with bundles of cash was discovered. In a separate |
| Successful and failed ram raids in Ireland prompted a | | | | UK incident, an alert bank clerk reported a man and a |
| special Garda (police) operation to be initiated in | | | | woman acting suspiciously directly across the street |
| July. Diggers were the vehicles of choice. | | | | from an ATM. When arrested by police, the female (a |
| Intelligence-led policing in the UK resulted in arrests | | | | Romanian citizen) admitted a previous conviction for |
| when a criminal gang attempted to ram raid an ATM. | | | | fraud. Also in the UK, an illegal immigrant from the |
| Following other UK incidents, there were calls for | | | | Ukraine claimed he was forced to perpetrate ATM |
| construction-site operators to ensure their equipment is | | | | skimming in order to pay back people traffickers who |
| properly secured to prevent the equipment being | | | | transported him to the UK. |
| stolen and used in ram raids. | | | | Deposit / Cheque Fraud (Check Fraud) |
| 15 armed men, dressed in SAGSD (police) uniforms, | | | | Deposit fraud was mostly reported from the USA |
| attacked and removed an ATM from a fuel station in | | | | during July. Incidents included depositing empty |
| The Philippines in July. | | | | envelopes and fake cheques (fake checks). |
| Tools were used in Australia to dislodge and steal an | | | | Transaction Reversal Fraud / Manipulation / |
| ATM from a restaurant in July. | | | | Denomination Fraud |
| Card Trapping / Card Theft / Distraction | | | | Transaction reversal fraud was detected in the UK |
| July continued the upward trend in card | | | | during July. |
| trapping incidents, particularly in the UK. Lebanese | | | | Leaving Transaction Live Fraud |
| Loop type traps, combined with spy cameras | | | | A career criminal of Chinese origin faced over 100 |
| or shoulder surfing, were the main fraud methods. | | | | charges for targeting casino customers in the USA. |
| Victims often assume that the ATM has retained or | | | | The modus operandi includes leaving transaction |
| ‘swallowed' their card and may be tempted to | | | | live and shoulder surfing. It is understood the suspect |
| delay reporting the loss of the card which influences | | | | already has 13 felony convictions and a criminal record |
| the magnitude of financial losses. | | | | running to many pages. |
| Two suspects were found guilty in Qatar for card | | | | Vishing / Phishing / Smsishing / Advanced Fee / Funds |
| theft. An Egyptian national and a Moroccan national | | | | Transfer Fraud |
| were each sentenced to one year's imprisonment in | | | | Phishing and related crimes were significant in July, |
| July. | | | | particularly in Nigeria. |
| Distraction methods of card theft were reported in | | | | Two criminals in the USA were sentenced to 102 |
| July. A suspect described as of ‘Eastern European' | | | | months and 51 months imprisonment for vishing related |
| appearance is believed to be responsible for shoulder | | | | crimes which particularly targeted elderly citizens. |
| surfing and subsequent card theft in the UK. The | | | | Vishing was also reported in Ireland and Malaysia |
| modus operandi included the suspect using a map and | | | | during July. The modus operandi in Malaysia included a |
| seeking travel directions from the victim. The map also | | | | claim that the victim's account had an outstanding |
| concealed the theft of the card from the victim. | | | | balance which required to be cleared. A recorded |
| Card swapping in Malaysia included one incident | | | | message suggested the victim pressed "1" for (fake) |
| where low-value banknotes were dropped on the | | | | customer service. |
| ground near the victim while they used the ATM. A | | | | Smsishing combined with funds transfer |
| combination of this distraction method and shoulder | | | | fraud continued in Thailand and Malaysia. An SMS |
| surfing allowed the suspect to obtain (and swap) the | | | | text message sent to a victim in Malaysia encouraged |
| victim's card and PIN. | | | | the victim to call a customer service number and was |
| A disgraced magistrate was found guilty of card and | | | | then instructed to go to an ATM in order to |
| PIN theft and was ordered to repay the victim for | | | | ‘receive' a refund. The process tricks victims into |
| losses which the victim's bank had refused | | | | initiating a transfer out of their accounts rather than |
| to reimburse. The victim's PIN was written on a piece | | | | any receipt of funds. |