ATM Theft
Peter Ventura
November 22, 2000

Automated teller machine theft is a major problem. Although banks do not publish their losses
due to computer crime, a BAI Global study estimates one ATM crime is committed for every 2
million transactions, or about 5,500 crimes a year. The American Bankers Association puts the
number even lower, at one crime for every 3.5 million transactions, or about 3,000 a year [1].
With consumers becoming more dependent on ATMs and the proliferation of ATM debit cards,
computer crime in this area is likely to increase. Banks will have to find better methods to
eliminate unauthorized use through hardware or software solutions, while keeping security costs
down. The purpose of this case study is to explain how ATM fraud occurs and what solutions
banks can implement to prevent such losses.

Automated teller machines (ATMs) are a part of most of our lives. The major appeal of these
machines is convenience. ATMs allow customers to get cash, pay bills, purchase or sell
securities, or make deposits twenty-four hours a day. Customers access their bank accounts
through a plastic bankcard. This card has a magnetic stripe on the back containing a password
and relevant account information. ATM technology has remained virtually the same over the last
several decades, with a few minor changes like color touch-sensitive screens and voice-activated
commands for the visually impaired. Citibank, which pioneered a full ATM network 23 years ago,
now has a worldwide network covering offices in over 100 countries. With so many machines
available to account holders, it's no wonder that illegal users take advantage of this
technology.

Most banks use input validation techniques (batch totals, format checks, reasonableness checks,
transaction validation) and audit trails to verify that the transaction came from a valid
bankcard in an authorized ATM center. These features do not eliminate the need for users to
write down passwords; they just ensure that the data transmitted follows certain guidelines, that
requests such as cash withdrawals are made within reasonable limits, that money is transferred
to the proper account, and so forth. These features only ensure that certain procedures are
followed, and cannot tell whether the person with the card and password is authorized to use it.
To stop a criminal who has a stolen ATM card and password, system security measures must be
improved to identify the person using the card.

Over the past decade, criminals have used social engineering techniques to commit fraud. There
are two common scams: card withholding, and ATM deposit fraud.

ATM deposit fraud is a common occurrence that targets a bank and the victim. The thieves open
new ATM accounts at a bank, then take the newly acquired ATM card and make fraudulent
deposits (mostly on Friday nights after the bank closes) with fraudulent checks that cannot be
processed until the following Monday. Then on Saturday morning, the thief withdraws cash against
the deposited checks, knowing that the checks will bounce. The bank will identify the error and
close the account, limiting the loss to less than $3000 in most cases. One gang succeeded in
defrauding banks of over $800,000 over the course of two years before they were apprehended
and prosecuted [2]. Banks like Citibank used a simple countermeasure: allowing the customer to
withdraw only a small portion of the deposited check and keeping the rest of the deposit
unavailable until the checks clear. This attack is still being performed on other banks that
have not closed this vulnerability.
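
The hold-until-clear countermeasure described above, as an added example that is not part of the original case study: it compares the bank's exposure over one weekend with and without a hold. The $100 early-access cap, the three $900 checks and all names are constructed for illustration; the cap is applied to the total of uncleared deposits, so splitting one deposit into several checks gains nothing.

```python
from decimal import Decimal

ZERO = Decimal("0")

# Constructed sample input: three checks deposited on a Friday night.
CONSTRUCTED_CHECKS = [Decimal("900"), Decimal("900"), Decimal("900")]
CONSTRUCTED_CAP = Decimal("100")   # assumed policy value, not from the article


class Account:
    """Ledger with an optional hold on uncleared check deposits."""

    def __init__(self, early_access_cap=None):
        # Most cash that may be drawn against uncleared checks, summed over
        # ALL pending deposits. None models a bank with no hold at all.
        self.early_access_cap = early_access_cap
        self.ledger = ZERO     # every posted deposit minus every withdrawal
        self.pending = {}      # deposit id -> uncleared check amount
        self._next_id = 1

    def held(self):
        """Portion of the ledger balance that cannot be withdrawn yet."""
        if self.early_access_cap is None:
            return ZERO
        uncleared = sum(self.pending.values(), ZERO)
        return max(uncleared - self.early_access_cap, ZERO)

    def available(self):
        return max(self.ledger - self.held(), ZERO)

    def deposit_check(self, amount):
        dep_id = self._next_id
        self._next_id += 1
        self.pending[dep_id] = amount
        self.ledger += amount          # posted immediately, but not collected
        return dep_id

    def withdraw(self, amount):
        """Dispense only against the available balance."""
        if amount <= ZERO or amount > self.available():
            return False
        self.ledger -= amount
        return True

    def clear(self, dep_id):
        """The paying bank honoured the check: release its hold."""
        self.pending.pop(dep_id)

    def bounce(self, dep_id):
        """The check was returned unpaid: reverse the deposit."""
        self.ledger -= self.pending.pop(dep_id)

    def loss(self):
        """A negative ledger on an abandoned account is the bank's loss."""
        return max(-self.ledger, ZERO)


def weekend_exposure(early_access_cap, checks):
    """Bank's loss if every check deposited on Friday is returned on Monday."""
    acct = Account(early_access_cap)
    ids = [acct.deposit_check(c) for c in checks]      # Friday night
    if not acct.withdraw(sum(checks, ZERO)):           # Saturday morning
        acct.withdraw(acct.available())                # only what the hold allows
    for dep_id in ids:                                 # Monday
        acct.bounce(dep_id)
    return acct.loss()


if __name__ == "__main__":
    print("no hold :", weekend_exposure(None, CONSTRUCTED_CHECKS))
    print("with cap:", weekend_exposure(CONSTRUCTED_CAP, CONSTRUCTED_CHECKS))
```
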

Card withholding is a crime that requires a lot of social engineering, and a 'spotter', to gain
the two items necessary to defraud the consumer: their ATM card and PIN. The thieves usually use
something to jam an unsuspecting customer's card in the ATM machine, then try to 'help' their
victim remove the card. After several failed attempts, they sympathize with the target, and even
suggest they type their PIN in several times in the hope that the ATM will release the card. While
this is happening, an accomplice (the spotter) is nearby to see the PIN being entered. After the
frustrated victim leaves without the card, the thieves use a nail file to extract the card, and
withdraw cash using the PIN they just observed. Most ATM machines are designed not to take
the card in completely for this reason, and some banking centers are equipped with 24-hour
surveillance and access to local police if a suspected scam is in progress [3].

Another, more sophisticated crime used a Fujitsu model 7020 automated teller machine in the
Buckland Hills Mall in Hartford, Connecticut. The criminals installed a specially programmed
machine in the mall to record the card information, collect the PINs from the unsuspecting
customers, and let the system inform them that the transaction they requested could not be
processed. Days later, the gang collected the information and made bogus ATM cards, which were
then used to withdraw money from the victims' accounts from ATMs in Manhattan. The criminals
were caught when the use of the counterfeit ATM cards was correlated with the surveillance
cameras [4].

A more recent vulnerability, although not widespread at this time, is a technique called skimming.
The crime uses a black box the size of a Palm Pilot, with a slit down the front and bits of Velcro
tape on the back. Called a "skimmer," the device can read and store the data embedded within a
charge card's magnetic stripe: not only the name, number and expiration date that appear on
the card's face but also an invisible, encrypted verification code that is transmitted electronically
from merchant to card issuer to confirm a card's validity at the point of sale. By copying that code,
the counterfeiter has all the data needed to create a perfect clone of the charge card. This
method was used to defraud 100+ American Express cardholders of nearly $500,000
last summer [5], and the technology is portable enough to be used in a modified ATM in a
supermarket or other public area. This type of fraud is usually not caught until the customer
receives their monthly statement 30 days after the transaction occurs. If the victim does not read
their statements carefully, this type of attack will be hard to detect because it compromises the
authentication of the customer transaction and the confidentiality of the customer's information on
the card.

Many of the methods used to defraud consumers and their banks can be minimized through the
use of biometrics devices, or enhanced ATM security software.

Biometrics devices have been available for over a decade, and the cost of the technology has
dropped significantly over the years. Companies like Sensar Corp (now Identix Technologies) are
using biometrics devices to authenticate customers by iris scans at ATMs in Europe. Texas's
Bank United was the first US bank to implement iris recognition at ATMs and the first bank
anywhere to use the technology in the single-factor mode, without PINs, passwords, or cards.
Using an IrisCode record, a digitized 512-byte representation of the feature-rich iris, or colored
part of the eye, the system can authenticate the identity of individuals with greater accuracy than
any other method, to help eliminate fraud. The system requires no contact and minimal
cooperation to function [6].

Another security measure that is effective in alerting the police to an ATM robbery is the use of
software such as Zi-Cubed's SafetyPIN product. The SafetyPIN system, when implemented at a
bank, will allow a customer who may be in the middle of a robbery to discreetly alert the police by
using a secondary PIN. The alternate PIN will still authorize the ATM to dispense cash, but the
system will alert the police and direct them to the ATM center where the suspected robbery is
occurring [7].
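
The secondary-PIN behaviour described above, as an added example (this is not Zi-Cubed's code, and `enroll`, `authorize`, the record layout and the ATM id are hypothetical). It assumes salted PBKDF2 as a stand-in for the HSM-based PIN verification a real ATM network uses, and shows the property that matters: the reply to the ATM is identical for both PINs, while the alert travels on a separate channel.

```python
import hashlib
import hmac
import os

# Constructed sample values for the demonstration below.
CONSTRUCTED_PRIMARY_PIN = "4821"
CONSTRUCTED_DURESS_PIN = "4829"
CONSTRUCTED_ATM_ID = "ATM-CENTER-042"


def pin_digest(pin, salt):
    # Assumption: PBKDF2-HMAC-SHA256 stands in for HSM PIN verification.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)


def enroll(primary_pin, duress_pin):
    """Build the stored record for one card (hypothetical layout)."""
    if primary_pin == duress_pin:
        # Identical PINs would raise an alarm on every ordinary withdrawal.
        raise ValueError("duress PIN must differ from the primary PIN")
    salt = os.urandom(16)
    return {
        "salt": salt,
        "primary": pin_digest(primary_pin, salt),
        "duress": pin_digest(duress_pin, salt),
    }


def authorize(record, entered_pin, atm_id, amount, alerts):
    """Return the reply sent to the ATM; append to `alerts` on a duress PIN.

    `alerts` models the out-of-band channel to the police or monitoring
    centre. Nothing about the alert is placed in the ATM reply, so the
    screen and the cash dispensed look the same to anyone watching.
    """
    digest = pin_digest(entered_pin, record["salt"])
    # Run both constant-time comparisons every time, so response timing
    # does not show which of the two PINs matched.
    is_primary = hmac.compare_digest(digest, record["primary"])
    is_duress = hmac.compare_digest(digest, record["duress"])
    if is_duress:
        alerts.append({"event": "duress_pin", "atm_id": atm_id})
    if is_primary or is_duress:
        return {"approved": True, "dispense": amount}
    return {"approved": False, "dispense": 0}


if __name__ == "__main__":
    record = enroll(CONSTRUCTED_PRIMARY_PIN, CONSTRUCTED_DURESS_PIN)
    alerts = []
    normal = authorize(record, CONSTRUCTED_PRIMARY_PIN, CONSTRUCTED_ATM_ID, 200, alerts)
    duress = authorize(record, CONSTRUCTED_DURESS_PIN, CONSTRUCTED_ATM_ID, 200, alerts)
    print("replies identical:", normal == duress)
    print("alerts raised    :", alerts)
```
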

Even though user-supplied passwords will eliminate many of the vulnerabilities inherent in a
PIN-based ATM system, banks still have to improve surveillance, fraud detection and procedures
that involve law enforcement sooner to minimize ATM crime. The second part of minimizing fraud is
the most important step banks should take to reduce this type of crime: customer education.
Most banks make an attempt at warning account holders of the ways this crime happens, but it is
not good enough. Banks should post warnings next to ATM machines telling customers not to
give their card to anyone except bank officials, and pamphlets should be mailed out
periodically with account statements. The minimal cost of better customer education will reduce
the millions of dollars lost through ATM fraud, while maintaining the balance between the cost of
security and the cost of a financial loss due to fraud.

1. "Crime continues to dog ATM industry". February 19, 1999. URL:
http://www.atmmagazine.com/news_story.htm?i=670

2. Bailey, Karen. "U.S. Department of Justice Office of the U.S. Attorney, District of Minnesota
Press Release". October 18, 2000. URL: http://www.usdoj.gov/usao/mn/press/econ/norris.htm

3. "Where ATM con artist 'The Raven' strikes next, nobody knows". September 18, 1998. URL:
http://www.atmmagazine.com/news_story.htm?i=414

4. Schneier, Bruce. "Secrets and Lies: Digital Security in a Networked World". John Wiley &
Sons, Inc., New York, NY 2000. p. 46-47.

5. Shannon, Elaine. "A New Credit-Card Scam". Time Europe, July 10, 2000 vol. 156 no. 2. URL:
http://www.time.com/time/europe/magazine/2000/0710/creditcard.html

6. Iridian Technologies Iris Recognition ATMs. URL:
http://www.iridiantech.com/questions/q4/case_studies.html

7. Zi-Cubed's SafetyPIN system and product description. URL:
http://www.zicubedatm.com/html-3.html
