Information security experts are advising consumers on how to recognize popular ATM fraud schemes plaguing Europe.
With ATM crime on the rise in Europe, a group of information security experts is advising consumers on how to recognize some of the most popular ATM fraud schemes and how to avoid becoming a victim. The recommendations are found in a new white paper by the European Network and Information Security Agency (ENISA), a European Union organization set up to help member states and the business community address network and information security problems.
Citing the findings of a European ATM Security Team (EAST) report, the ENISA paper says fraud-related ATM crimes in Europe jumped 149 percent in 2008, compared to the year prior, and resulted in €485 million ($709 million) in losses.
The increase in ATM fraud is linked primarily to a rise in ATM-card skimming attacks, according to the report by EAST, a pan-European, not-for-profit organization whose members are ATM deployers or networks. Card skimming is a form of ATM fraud that captures the information on an ATM card’s magnetic stripe and personal identification number (PIN), using a modified card reader, which is placed on the machine and disguised. The information is used to create a duplicate card.
According to ENISA, the PIN may be stolen using a small spy camera, a false PIN pad overlay, or “shoulder surfing.” The paper also notes that criminals are increasingly using Bluetooth wireless technologies that transmit card and PIN details to a remote laptop.
A skimming device might also be placed in a card reader on the door of a bank, ENISA warns. Victims swipe their cards to gain entry, and the disguised card reader steals the information from their magnetic stripe. A camera located above the ATMs is used to collect PINs.
In addition, skimming devices are sometimes mounted near the ATM’s card slot with a sign that says, “Slide card here first,” but this method is not common in Europe, the paper says. Criminals may also use fake ATM machines, which capture and save card details and PINs.
The weakness of storing information on magnetic stripe, which is simple to copy and counterfeit, has been partly addressed by Europe’s introduction of European Mastercard Visa (EMV) smart cards, also known as Chip and PIN cards or Chip cards, which have a microchip embedded in the card. “While these cards also have magnetic stripes,” the paper says, “the magnetic stripe alone is not sufficient to allow a transaction to take place at an ATM with a card reader that has been modified to read an EMV Chip…Thus counterfeit copies of these EMV cards cannot be used to withdraw cash from EMV-compliant ATMs.” Most countries in Europe will have EMV-compliant cards by the end of 2010.
Portugal’s ATM network (SIBS) employs a company that monitors the network to identify card usage patterns, that indicate fraud. For instance, the ENISA paper notes, “if a card is supposed to be an EMV card, but only the magnetic [stripe] is being used…the card is most likely a clone, and the transaction is rejected.”
The company can also monitor Portuguese credit and debit cards abroad. It can block certain cards or transactions from a specific area of the world in case there is a surge in fraudulent usage.
All ATM machines in the country also have some kind of anti-skimming mechanism. ENISA reports that the most common is a card reader that slows down the entrance of a card, making it difficult for the card to be read by a fake card reader.
Another ATM-fraud scheme is called “card trapping.” Thieves place a device over the card reader that allows the ATM to read it but prevents the machine from returning the card to the customer. When the victim leaves the ATM, the thieves retrieve the card. PINs are obtained in the same ways as with card skimming.
The paper also notes physical attacks on machines as a significant threat. Some countries, including Portugal and Italy, have introduced banknote ink/dye staining systems to prevent physical attacks. Merchants are taught to be aware that an inked banknote has been stolen.
ENISA attributes the growing number of reported incidents to an overall increase in ATMs; increased use of the machines used to dispense other products, such as postal stamps; and the depressed economy in Europe.
@ View the paper via “Beyond Print."