http://dailynews.yahoo.com/htx/abc/20020110/bs/atmfraud020110_1.html
Thursday January 10 03:26 PM EST
High-tech Thieves Snatch Data From ATMs
By Paul Eng ABCNEWS.com
Thieves can steal an account number from an ATM or debit card, and secret pin.
At the corner market, the skim is in the refrigerated milk - and
perhaps in the store's cash-dispensing ATM.
But this particular skim isn't good for customers since it involves the
poaching of an unsuspecting consumer's bank card data.
Thieves have found a way to steal not only someone's account number from an
ATM or debit card but also the person's seemingly secret personal
identification number. With this double dose of information, thieves can
electronically rob unsuspecting victims of their cash.
The scam has been reported in New York, Florida, California and points in
Canada.
The cybercrooks' technique is so clandestine that consumers often don't
know that they've become victims until they check their monthly bank
statements - or when checks start to inexplicably bounce due to lack of
available funds.
Suddenly Sapped of Cash
Chris Lundie, a 28-year-old market surveillance analyst with a Wall Street
investment firm, was one such victim.
Last month, Lundie and his fiancée checked their bank account online in
preparation to pay their Manhattan apartment rent. But, they noticed two
odd withdrawals - for $500 and $600 - made within hours of each other at
bank ATMs in Flushing, Queens.
At first we questioned how this happened, says Lundie. We don't work in
Queens and we've never been to those ATMs.
After calling his bank to stop further activity on the account, Lundie
called his local police precinct and discovered that he was the latest
victim of a high-tech crime ring that may have been targeting automatic
teller machine users for more than a year.
Detectives with New York City Police Department's Special Fraud Unit
wouldn't comment on the ongoing investigation into the ring. But
according to a recent report in the New York Post , the thieves may have
stolen as much as $1.5 million. Authorities told the Post they suspected
the scam was the work of the Russian mafia.
Snatching Data Clandestinely
Law enforcement officials did not disclose how the ring operated, but
industry sources gave ABCNEWS a hint at how the ring might have stolen
money from unsuspecting victims.
According to one source, the thieves may have targeted non-bank ATMs - the
stand-alone cash dispensers found at local grocers, bodegas, gas stations,
and shopping mall food courts. The machines are rigged with tiny devices
that can read a debit card's magnetic stripe as it is run through the ATM's
built-in reader. A special logic board or cover is placed over the ATM's
keypad and records when users enter their four-digit PIN codes.
Both the card's magnetic data and the user's PIN information are stored in
a separate memory module. The thieves retrieve the memory module and, using
commercially available computer technology, encode the stolen information
onto their own blank cards. These cloned debit cards can then be used
with the captured PIN to withdraw money from the victims' accounts using
other ATMs.
Con artists have targeted debit cards and ATMs in the past in a variety of
scams. Most schemes, such as the so-called Lebanese Loop, are fairly simple.
In that scam, robbers would purposely rig the card slot of the ATM to
physically capture a person's bank card. The scammer, posing as a good
Samaritan, would then suggest that the victim repeatedly enter their secret
PIN code in order to recover the stuck card from the machine. When the
effort fails, the victim often walks away - leaving the con artist to
retrieve the card and use it with the now-disclosed PIN code.
ATMs: Tempting Targets
Experts believe that the thieves may have targeted non-bank ATMs for
several reasons.
For one, non-bank ATMs are typically owned and maintained by independent
operators who may not know that such skimming devices are being added and
removed from their cash dispensers.
Most of these stand-alone ATMs also lack built-in surveillance cameras and
are placed in locations that aren't monitored closely, leaving police with
very little evidence to work with during their investigations.
Crafting Countermeasures
Rob Evans, marketing director for NCR, a leading ATM supplier, says the
industry has developed several technologies that can defeat these
clandestine card skimming setups. ATMs supplied to NCR's bank customers,
for example, can be equipped with enhanced card readers that can scramble
the card's data as it's being read.
When a user puts his card in, it jitters the electronic signals so it
can't be picked up by a nearby illegal card reader, says Evans.
The banking industry is also looking into other high-tech measures such as
using software encryption and so-called smart cards that store data on
hard-to-duplicate microprocessors.
But industry officials such as Evans admits that it's
