Banking Institutions Must Take Preventive Measures
ATM fraud is on the rise and shows no sign of abating. There is a list of incident response tips for financial institutions that want to fight back against ATM skimming attacks.
Mike Urban, Senior Director of Fraud Solutions at FICO (Fair Isaac Corporation, the provider of credit scoring), says all types of ATMs - and even pay-at-the-pump gasoline stations - are under attack by tech-savvy fraudsters.
"As I have seen, [fraudsters] pretty much go after anyone; it's not one manufacturer or one model."
Several skimmers have been found at gas stations around the country in the last month, and these are where the criminals are placing readers to capture the PIN and the card number before the PIN is encrypted. "I predict we're going to see more of those," he says. "They are targeting the weakness of the mag stripe, and that will be something we have to live with until a better solution is developed."
The Skimming Trends
The current trend began slowly, says Urban. Several years ago, the targets were primarily off-premise ATMs. Criminals could buy ATMs, place skimming devices in them and collect card and pin information. But when changes such as the encrypting PIN pad and other advancements in technology changed how PINs were protected, criminals began focusing on financial institutions' ATMs.
Recent arrests show the criminals perpetrating these crimes are from Eastern Europe. A lot of the techniques and a lot of the technology they are placing on the ATMs are coming from Eastern Europe. Those criminals have been targeting financial institution ATMs for years, primarily because those are the kinds that are deployed -- there aren't as many stand-alone ATMs in Europe.
Incident Response Tips
Action items for banking institutions include:
Have a Plan -- for what you do if you find a skimming device on one of your ATMs.
Document the Plan -- listing everything that should happen, people to be contacted, actions to be taken.
Educate Your Branch Employees -- If a device is found, all employees should know what and what not to do. Educate branch employees and third-party vendors, as well as ATM servicers. Make sure they are monitoring the outside of the ATMs for residue or devices that actually are on the ATM.
Inspect All Locations - frequently, checking the facia and surroundings around the ATMs, making sure nothing has been added or moved.
Set ATM Standards - including visual standards for all ATMs in all branches. Keep it standard. Take a photograph of each ATM, inside and outside. Show employees what it should look like, so ATMs can be quickly examined to see what may be out of place. "It sounds like a bit of overkill, but a picture is worth a 1000 words," says Urban.
Don't Touch Skimmer If Found -- Contact law enforcement if a device is found on the ATM. Tell employees to not touch it or pick it up or pull it off the ATM. Secure the area with bank robbery tape until law enforcement arrives.
Be Vigilant At All Times -- Increase your checks on ATMs, especially if you've heard of ATM skimming in your area. If there are reports of ATM skimming, increase the number of checks. Even if there are no reports, have employees check ATMs in off-hours and over weekends, which are prime times for skimmers to be put on ATMs.
Contact Other Institutions -- Share information with local and regional institutions about what's happening at your branches and make sure they share information with your institution.
If you know of any more tips, please let me know.