Video Footages: ATM Skimming!

Be on the lookout for these four tricks and traps

A Handy Way to Foil ATM Skimmer Scams - Thieves continue to place hidden cameras at ATMs to surreptitiously record customers entering their PINs. This previously reported way to stop from being a victim still works against the hidden cameras.

How To Protect From ATM Traps

Avoid Getting Ripped Off at the ATM

Crooks around the globe are using new (and improving) technology to steal your information right at the ATM - and right under your nose. With a variety of devices - from tiny surveillance cameras to look-alike keypads to card readers - these criminals are able to get at your account number, your PIN and really any other kind of details they'd like (even what you look like or the kind of car you drive).

Because these criminals are no dummies, they often target ATMs off the beaten path, in places rarely checked by the network operator or without much traffic or people around. If you must use an ATM in a desolate location, be aware of anything that looks hinky. That scratched up card reader or loose keypad may just be evidence of a planted skimming device. Abandon the machine and try to find another.

Credit: Lam Thuy Vo and Jess Jiang / NPR

Quite a few financial institutions have built mobile apps designed to help you locate ATMs. Consider downloading one (from the financial institution itself!) if you need to find ATMs in out-of-the-way locations.

Insider Scams and Fraud a Growing Trend

Teenager Sentenced for Card Skimming

A 17-year-old was slapped with a 60-day jail sentence after he was busted for skimming credit and debit details while working the drive-thru window at a McDonald's restaurant in Olympia, Wash. This insider scam highlights a card fraud trend the industry needs to watch.

This case highlights just how easy it is for insiders to perpetrate card fraud, especially in a retail environment. Even if we protect the ATMs and POS devices, insider fraud like this will take place due to the ease with which criminals can get their hands on the appropriate devices. This is an industry that clearly needs an elegant and innovative solution (not EMV) that can at least make it an order of magnitude harder for skimmers to succeed.

Transactions Monitored

In the McDonald's incident, the teen's card-fraud scheme was foiled before exceeding $13,000 in losses after transaction monitoring traced the fraud. Detectives connected the dots and linked fraud to the Olympia McDonald's when contacted by the Washington State Employees Credit Union about fraudulent transactions hitting member accounts.

The credit union found one commonality: All of the compromised cards had been used at the same McDonald's. McDonald's management later confirmed the juvenile suspect had worked the drive-thru every time one of the compromised cards had been used.

The teenager used the stolen card numbers, which he collected with a handheld skimming device, to buy gift cards at retail stores such as Walmart and Toys R Us, according to a news report. With the fraudulently purchased gift cards, he allegedly bought about $13,000 worth of merchandise that he later sold on Craigslist and eBay for profit.

The purchases the teenager made included iPads, computers, video game systems and digital cameras, according to the Thurston County Prosecuting Attorney's Office.

The teen has been in custody since Nov. 16, after his parents refused to post bail. On Monday, he pleaded guilty to two juvenile counts of forgery and two juvenile counts of identity theft. As part of his sentence, the court has asked that he pay restitution to the victims whose cards were compromised.

The investigation is ongoing because other suspects may be involved.

How to combat with ATM skimming fraud?

A Simple Plan to Combat ATM Fraud

The risks of electronic banking are all well known. In fact, the updated FFIEC authentication guidance specifically talks about the need to secure both online and electronic banking. It's important to remember that ATMs are also a target of fraudsters. ATM skimming rings are defrauding cardholders to the tune of tens of millions of dollars. This is a global issue affecting customers in the USA, the European Union, Asia, basically anywhere there are ATMs.

Breaking 2-Factor Authentication

In order to access your account from an ATM you are required to use your ATM card [something you have] and enter a PIN [something you know]. Generally, 2-factor authentication is considered a relatively strong security measure against financial fraud. However, crime rings are using various techniques to capture both the card and the PIN, effectively thwarting these measures.

In the 2011 updated guidance, the FFIEC stresses the importance of not only strong authentication, but also to know your customer. There lies the missing link in combating ATM fraud that fortunately has an eloquent solution.

Since financial institutions utilize "know your customer" capabilities to combat online banking fraud, the same techniques can be used to combat ATM fraud.

Similar to online banking, customers have normal patterns of ATM activity, relatively consistent patterns relating to dollar amounts and frequency of ATM cash withdrawals. Since financial institutions utilize "know your customer" capabilities to combat online banking fraud, the same techniques can be used to combat ATM fraud.

Keeping It Simple

Upon detecting unusual and possibly fraudulent ATM activity, the ATM screen could present the user an out-of-wallet challenge question. Making sure the question has a numeric answer means that current ATM key pads used to enter in PIN information would not have to be modified.

Even with limiting the out-of-wallet questions to those with numeric answers, the list of potential questions is quite long:

• What year was your first child born?
• What was the model year of your first car?
• What year were you married?

Obviously not an exhaustive list, but it does illustrate the fact that there is no shortage of such questions.

It's important that the challenge questions are strictly out-of-wallet. If the fraudster did in fact steal the victim's wallet, with their driver's license, then asking the question "what year were you born" would be inappropriate. Asking what year you graduated from high school would also be a weak question.

The fraudster could simply add 17 to the date of birth on the driver's license and answer that question correctly the majority of the time.

The lesson here is the importance of keeping the challenge questions out-of-wallet.

Eloquent and Effective

Using out-of-wallet questions that are compatible with existing ATM hardware, you can add another layer of security to combat ATM fraud. A low-cost solution that could potentially save customers, and financial institutions, millions of dollars.

To complete the anti-fraud circle, banks can also consider having the ATM machines keep the bank cards when a customer [fraudster] fails to correctly answer the out-of-wallet challenge question. You'd have the card, with fingerprints, as well as photographs of the attempted fraud.