Thursday, March 12, 2009

Some tips on successful ATM fraud and to protect yourself!

ATM Fraud devices such as skimmers, physical key-loggers, Card Reader/writer are freely available

A bank-machine hacker who reportedly was arrested earlier this month in Turkey gave would-be fraudsters tips on how to install rogue card-reading devices, including advising them to target drive-through ATMs (automated teller machines) and avoid towns with fewer than 15,000 residents.

I basically think fraudsters tips are widely available on internet - all users need to do is bit of research. What we need is fraudsters prevention tips which we will hardly find on internet.

The hacker, who went by the handle "Chao", reportedly was arrested earlier this month in Turkey. He was one of the most well-known ATM hackers in the world, according to Uri Rivner, head of new technologies for RSA Consumer Solutions.

Chao sold fake faceplates that fraudsters could attach to the card slots in ATMs. These "skimmer" devices can read the magnetic stripe of every customer's ATM or credit card, and are often used in conjunction with a hidden camera that watches people enter their PINs (personal identification numbers), Rivner says. Alternatively, criminals can attach an extra keypad on top of the one in the machine and capture the PIN that way, he adds.

After collecting this data over a period of time in these devices, the fraudster can remove the devices and use the information to make counterfeit ATM and credit cards that can be used in stores and ATMs. There are other such devices that can send the information to a nearby computer via wi-fi, he adds. Fraudsters also commonly produce counterfeit cards using information stolen directly from bank and credit-card databases. Overall, card counterfeiting is one of the major types of fraud against ATM and credit card issuers, representing roughly 30% of their fraud losses in the US and other part of the world.

Credit card skimmers are available on ebay quite easily. Once, the fraudsters has the credit card details they can use that details to make duplicate credit card using magnetic card writer device called MSR 2006 or other similar devices.

In an animated online video commercial for his skimmers, Chao provided a glimpse into the world of ATM hacking with a series of tips for potential customers who would buy and install his products.

Picking an ATM to target with this scheme requires watching the surrounding area for days or weeks and taking notes on foot traffic and other characteristics, Chao says in the video. Among his tips are these:

— don't install a skimmer in the morning, because people are more vigilant then;

— determine where a person would have to stand to keep an eye on everything happening on that block;

— avoid blocks where more than 250 people per day walk through, because of the danger of detection;

— don't install skimmers in towns with fewer than 15,000 people, because people in those towns know what their ATMs look like;

— avoid areas with small shops open 24 hours a day, because there may be surveillance cameras and vigilant shopkeepers;

— don't set up in areas where a lot of illegal immigrants live;

— places with a lot of tourist traffic are good;

— look for affluent neighbourhoods and drive-through ATMs;

— ATMs near cash-only bars are a good bet for lots of customer activity.

These tips are basically common-sense. Do you think fraudsters will install skimmer in a town where there is only 2 ATMs and everybody knows each other?

It's fairly rare for a consumer to be a victim of skimming, but Chao's tips indicate consumers are probably safer if they use ATMs at their own banks or financial institutions, says Enterprise Strategy Group analyst Charlotte Dunlap. The safest course would be to use machines inside the bank, though that's not practical for most people's schedules, she notes.

Consumers also should keep tabs on their account activity, via statements or the web, and report any abnormal activity, Dunlap advises. Consumers typically are protected from this type of theft, as they are with a lost or stolen credit card, she says.

I have been reading about ATM-fraud for last 10 years now. I have done enough research to write a book on this topic. All i can say this information is widely available on internet. People using forums, irc channels and groups to trade this information.

I always advise my readers, users, friends and colleagues with the following tips to protect themself from ATM fraud:

- cover your keypad with other hand when entering your PIN

- carefully monitor your credit card statement

- always look around before using ATM machine

- Avoid using ATM machines at pubs, clubs, petrol stations, etc

- Always try to use ATM machines located at banks

- When using merchant, make sure you don’t let your card go away from your sight ( Credit card skimmers can also be installed at merchant POS machines )

- Always pay attention and use little bit of your common sense

- Any transaction which you are unable to recognize – contact your bank immediately

- Reduce your ATM – withdrawal limit to minimal

- Always use bank teller counter to withdraw cash as they manually verify the card-holder

Please contact me if you have any questions.

3 comments:

Anonymous said...

excellent article. Can you still buy card skimmers on eBay? Wonder why it is bad to install skimmers in areas with high immigrant populations.

Shoaib Yousuf said...

http://magneticstripe.altervista.org/index.htm

or try

http://shop.ebay.com.au/?_from=R40&_trksid=m38.l1313&_nkw=msr+206&_sacat=See-All-Categories

They are widely available...

pci compliance said...

ATM Fraud is very rampant. It will be a good practice to keep in mind this pointers. We can never be too sure for our hard earned money.