Pendum

That's not a mobile phone, it's an ATM security device

At one of the most sophisticated banks in Singapore, a nation with one of the lowest skimming rates in the world, thieves this past January pulled off one of the most costly ATM skimming frauds recorded anywhere, ever.

Nearly 700 customers of the Development Bank of Singapore had money stolen from their accounts in the two days before the crime was discovered. DBS paid out $1 million in compensation to accountholders who lost funds in the attack and DBS Group Holdings chief executive Piyush Gupta apologized for the incident. But the damage to customers’ trust was done.

In the wake of the crime, DBS announced new account safeguards including one that alerts customers by SMS — i.e., text message — if an ATM withdrawal from their DBS account exceeds a set amount (which the bank will not disclose so skimmers can't simply work under it). The bank had its SMS alert program up and running within just 11 days of the skimming scandal.

The Singapore scandal and response brings up a question closer to home: Should U.S. financial institutions adopt a similar safeguard against skimming crime that costs their industry at least $1 billion annually?

“Any additional layer of protection is always a good idea,” said McAfee consultant and ID theft expert Robert Siciliano. “The bank itself will do their own cost benefit analysis — they look at the risk, they look at the reward, they make a determination of its user-friendliness — and I think the consumers, the majority of them … would embrace this.”


Story continues below...
Pendum

Pendum- The Nation's Largest Independent Service provider for ATMs 
Are your ATMs ready for the EMV and Windows 7 requirements? We can help.

Consumers have already taken to various other types of alerts. For instance CapitalOne allows its Visa cardholders to request an email alert for any transaction over $20 and any transaction made outside of the United States. Wells Fargo allows users of its mobile app to opt into a text alert program that goes beyond CapitalOne’s to include card-not-present transactions, ATM cash withdrawals, declined transactions and gasoline transactions. From there, it presumably would be a short step to a service that would allow all mobile users to opt into text notices — not just the ones with a smartphone and the mobile app.

Diebold features MobiTransact in its mobile banking program. This service allows a bank customer to receive low-balance notifications as well as real-time SMS alerts for transactions that have taken place while their ATM debit card was locked.

"Diebold views the notification of consumers of [ATM] activity as a high-value service," said Chuck Somers, vice president of ATM security and systems for Diebold.  "For legitimate transactions, it reinforces a multi-channel communication to the consumer … and offers the ability to do paperless transactions with a high degree of security."

Somers said the cost of SMS implementation would depend on the systems a financial institution has already deployed and their interoperability. But he said it certainly would not require the deployment of any different technology to consumer phones or ATMs.

“As far as enabling the alerts is concerned, it’s really going to depend on how their systems are set up,” said Jason Kuhn, director of product development and chief privacy officer for Payment Alliance International. “If I was an FI or an issuer, I would have to set up a real-time feed with the different transaction processors that are out there or however I’m getting my real-time transaction detail. And all of those transactions are going into a fraud monitoring system anyway … so they would just have a series of triggers they would set: whenever [a card number] is used at an ATM; whenever a point of sale transaction occurs for a user-configurable amount greater than ‘X’.”

Better late than never

The inherent weakness of SMS alerts is that they occur only after the crime has been committed. But real-time SMS notifications could still significantly narrow the gap between the time a skimming incident occurs and the time it is discovered and addressed. As the two-day delay in uncovering the DBS skimming fraud showed, time can be big money to a financial institution.

Not only banks, but also consumers would benefit from faster discovery, Siciliano said. "Certainly it’s relatively reactive — the damage has already been done," he said. "But at the same time, you only have by federal law just a couple of days to refute unauthorized ATM withdrawals and it would be good to know it off the bat."

He said that for businesses, early notice could be even more important because they aren’t covered by the same protections as consumers are.

A final remark from Kuhn summed up the texting question neatly. "We’ve all got to change to keep up with security anyway," he said, "so why not use that as an opportunity to be able to provide additional benefits to your customer?"

cover photo: iStockphoto

Related Content

User Comments – Give us your opinion!
  • Philip Cohen
    69619252
    My banker emails me a notice for every outgoing transaction I perform on my internet banking account. I am therefore at a loss to understand why the same safeguard is not offered by card issuers on all credit/debit card transactions. Why not also text/email notices of all card transactions; after all how many transactions does an individual card holder do each day? And, better the bank be earlier forewarned by the use of such an algorithm than have to spend greater precious human resources and funds sorting out the mess after such an extensive fraud event.
  • Rahul Ramakrishnan
    69579917
    Its surprising that DBS does not have an SMS alert solutions for its customers. But, I wont blame DBS alone. I believe the regulators have to play a vital role in mandating such initiatives. In India the central bank (RBI) mandated SMS alerts for all Debit and Credit Card transactions way back in June 2011.
  • rasel akhanda
    68892733
    rasel akhanda
Products & Services

MIS Reporting System

http://global.networldalliance.com/new/images/products/4261.png

4261/MIS-Reporting-System

Build Your Brand with Accent Lighting

http://global.networldalliance.com/new/images/products/6347.png

6347/Build-Your-Brand-with-Accent-Lighting

CUSTOM's VKP80 II - ATM and Kiosk Printer

http://global.networldalliance.com/new/images/products/VKP80II_100px.jpg

996/CUSTOM-s-VKP80-II-ATM-and-Kiosk-Printer

OptConnect at ATMIA 2012

http://global.networldalliance.com/new/images/products/4969.png

4969/OptConnect-at-ATMIA-2012

ATM Supplies

http://global.networldalliance.com/new/images/products/ATM_Supplies_100.gif

1175/ATM-Supplies

FINsim Configurator

http://global.networldalliance.com/new/images/products/6491.png

6491/FINsim-Configurator

Mobile ATM

http://global.networldalliance.com/new/images/products/Mobile_ATM.jpg

832/Mobile-ATM

TMD Security Pack 1: Anti-skimming with Tilt and Vibration …

http://global.networldalliance.com/new/images/products/6193.png

6193/TMD-Security-Pack-1-Anti-skimming-with-Tilt-and-Vibration-Protection

Teller Automation Services

http://global.networldalliance.com/new/images/products/Teller_Automation100.gif

1085/Teller-Automation-Services

Two Way Wireless for ATMs, The DPL Group Hercules Plus

http://global.networldalliance.com/new/images/products/931.png

931/Two-Way-Wireless-for-ATMs-The-DPL-Group-Hercules-Plus

ATM & Mobile Innovation Summit
Request Information From Suppliers
Save time looking for suppliers. Complete this form to submit a Request for Information to our entire network of partners.
ATMIA