ATM fraud schemes are becoming all too familiar in the financial ecosystem. Once again, the U.S. Secret Service has issued an alert to financial institutions about a new form of ATM skimming that fraudsters are using to gain access to payment card details.
The latest alert relates to what's being referred to as "ATM wiretapping" that involves magnets and medical devices to siphon customer account data from the card reader. This latest news was reported by KrebsOnSecurity, which indicated that this alert was given to banks using a non-public system to warn FIs about this new trend that involves the cutting of "cupcake sized-holes" into ATMs to steal the payment data.
This technique involves using a drill to make a hole, which is then covered by a metal faceplate or a decal to hide the fact that the ATM had been tampered with. Fraudsters reportedly use a skimming device to gather the data from the internal card reading by way of a magnet.
According to Krebs: "The Secret Service says once the skimmer is in place and the hole patched by a metal plate or plastic decal, the skimmer thieves often will wait a day or so to attach the pinhole camera." The Secret Service alert indicated that fraudsters use the delay to avoid triggering an alarm from anti-skimming devices. If no alarms are set up, the hidden cameras are then inserted into the ATM. Those cameras are used to record customers as they enter a PIN using a time-stamped video.
The Secret Service also warns that these fraudsters are replacing the PIN pad security shield with a replica one that has a hidden pinhole camera, according to Krebs.
"Overall, it’s getting tougher to spot ATM skimming devices, many of which are designed to be embedded inside various ATM components," Krebs wrote.
The rise in ATM fraud has forced banks and credit unions to implement better fraud controls and continually upgrade their security features in order to think smarter about their fraud management strategies. What banks must consider is relying on fraud alerts that detect breaches in a matter of minutes and hours — instead of days and weeks.
Solving ATM fraud has become a 2 billion-dollar question. (The impact of ATM skimming on a global scale). Getting to the bottom of ATM fraud means having a better understanding of how fraudsters think, how quickly they act and what payment channels they are targeting most.
ATM fraud, in particular, is evolving at a rapid pace. Banks are using new tools to fight fraud, but fraudsters are moving faster. Banks typically have less than 48 hours after an ATM compromise before money is out the door. Banks need to quickly identify compromised ATMs and cards to get a handle on the scope of the problem — a process that can take weeks. Weeks isn't good enough when a problem needs to be solved in less than two days.
When an ATM breach transpires, fraud occurs within 48 hours. From a typical breach, the end cost results can result in the loss of $250,000. FIs must leverage sophisticated data-driven fraud detection techniques to get ahead of the problems before they spread. Being reactive, instead of proactive, in today’s fraud-filled world will always leave financial institutions playing catch up with the fraudsters.
What banks and credit unions really need is the ability to be alerted quickly if an ATM skimmer is in place. This is where the physical boundaries of ATM anti-skimming devices have their limits. Relying on machine learning and advanced analytics is the only way to detect skimmers faster and more effectively.