http://dailynews.yahoo.com/htx/abc/20020110/bs/atmfraud020110_1.html
Thursday January 10 03:26 PM EST High-tech Thieves Snatch Data From ATMs By Paul Eng ABCNEWS.com Thieves can steal an account number from an ATM or debit card, and secret pin. At the corner market, the skim is in the refrigerated milk - and perhaps in the store's cash-dispensing ATM. But this particular "skim" isn't good for customers since it involves the poaching of an unsuspecting consumer's bank card data. Thieves have found a way to steal not only someone's account number from an ATM or debit card but also the person's seemingly secret personal identification number. With this double dose of information, thieves can electronically rob unsuspecting victims of their cash. The scam has been reported in New York, Florida, California and points in Canada. The cybercrooks' technique is so clandestine that consumers often don't know that they've become victims until they check their monthly bank statements - or when checks start to inexplicably "bounce" due to lack of available funds. Suddenly Sapped of Cash Chris Lundie, a 28-year-old market surveillance analyst with a Wall Street investment firm, was one such victim. Last month, Lundie and his fiancée checked their bank account online in preparation to pay their Manhattan apartment rent. But, they noticed two odd withdrawals - for $500 and $600 - made within hours of each other at bank ATMs in Flushing, Queens. "At first we questioned how this happened," says Lundie. "We don't work in Queens and we've never been to those ATMs." After calling his bank to stop further activity on the account, Lundie called his local police precinct and discovered that he was the latest victim of a high-tech crime ring that may have been targeting automatic teller machine users for more than a year. Detectives with New York City Police Department's Special Fraud Unit wouldn't comment on the "ongoing investigation" into the ring. But according to a recent report in the New York Post , the thieves may have stolen as much as $1.5 million. Authorities told the Post they suspected the scam was the work of the Russian mafia. Snatching Data Clandestinely Law enforcement officials did not disclose how the ring operated, but industry sources gave ABCNEWS a hint at how the ring might have stolen money from unsuspecting victims. According to one source, the thieves may have targeted non-bank ATMs - the stand-alone cash dispensers found at local grocers, bodegas, gas stations, and shopping mall food courts. The machines are rigged with tiny devices that can read a debit card's magnetic stripe as it is run through the ATM's built-in reader. A special "logic board" or cover is placed over the ATM's keypad and records when users enter their four-digit PIN codes. Both the card's magnetic data and the user's PIN information are stored in a separate memory module. The thieves retrieve the memory module and, using commercially available computer technology, encode the stolen information onto their own blank cards. These "cloned" debit cards can then be used with the captured PIN to withdraw money from the victims' accounts using other ATMs. Con artists have targeted debit cards and ATMs in the past in a variety of scams. Most schemes, such as the so-called Lebanese Loop, are fairly simple. In that scam, robbers would purposely rig the card slot of the ATM to physically capture a person's bank card. The scammer, posing as a good Samaritan, would then suggest that the victim repeatedly enter their secret PIN code in order to recover the stuck card from the machine. When the effort fails, the victim often walks away - leaving the con artist to retrieve the card and use it with the now-disclosed PIN code. ATMs: Tempting Targets Experts believe that the thieves may have targeted non-bank ATMs for several reasons. For one, non-bank ATMs are typically owned and maintained by independent operators who may not know that such skimming devices are being added and removed from their cash dispensers. Most of these stand-alone ATMs also lack built-in surveillance cameras and are placed in locations that aren't monitored closely, leaving police with very little evidence to work with during their investigations. Crafting Countermeasures Rob Evans, marketing director for NCR, a leading ATM supplier, says the industry has developed several technologies that can defeat these clandestine card skimming setups. ATMs supplied to NCR's bank customers, for example, can be equipped with enhanced card readers that can scramble the card's data as it's being read. "When a user puts his card in, it jitters the electronic signals so it can't be picked up by a nearby illegal card reader," says Evans. The banking industry is also looking into other high-tech measures such as using software encryption and so-called smart cards that store data on hard-to-duplicate microprocessors. But industry officials such as Evans admits that it's a tough race against cybercriminals. "You do what you can to make the ATM as unappealing as you can to folks that want to use it for criminal purpose," says Evans. But as ATMs - especially stand-alone versions - proliferate, "The bad guys are going to keep coming at these things as quickly as they can." Enduring Losses and Lessons And that's disheartening news for both consumers and the financial institutions that absorb the estimated billions of dollars annually lost to bank card fraud. Citigroup and J.P. Morgan & Chase - two of the largest institutions reportedly stung hard by this latest ring of thieves - wouldn't comment on the amount lost in the latest scam. But Mark Rodgers, spokesman for Citigroup, says, "No [customer] funds were at risk and we regret any inconvenience that may have resulted [from this crime]." Rodgers also says, "We've worked with customers to resolve the issues on their account." And that's good news for consumers such as Lundie. His undisclosed financial institution restored the stolen funds to his account in about two weeks. After all, "$1,100 is a lot of money living in [New York] City," he says. Still, he and his fiancée are keeping a close eye on their new account. And he says: "I definitely make more of an attempt to use a bank ATM." Email this story - View most popular | Formatted version ------------------------------------------------------------------------ Search Advanced Search: Stories Photos Full Coverage Home | Top Stories | Business | Tech | Politics | World | Local | Entertainment | Sports | Science | Health ------------------------------------------------------------------------ Questions or Comments Copyright © 2002 ABCNEWS.com. -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]