CONTINUE TO SITE »
or wait 15 seconds

News

Fraud fight gets more proactive at ATMs

As ATM fraud continues to create problems, some industry players advocate taking a more active role. 

August 3, 2003

Poker players use "tells" to help them identify and overcome the weaknesses of their opponents.

Gasper Corporation, a provider of ATM management software, believes "tells" can play a similar role for ATM deployers, helping them identify -- and hopefully defeat -- some of the more common ATM scams.

Most fraud fighting efforts to date have focused on the point of fraud itself, an ATM or other device where a criminal enters stolen card data to collect cash. Many ATM networks and transaction processors utilize software that identifies fraud by analyzing patterns of unusual card use. Federal authorities captured two suspects in a high-profile skimming case in New York City through the use of such software. (See related story Skim scam man)

In a whitepaperon "Detecting ATM Fraud," Gasper advocates attacking fraud at the point of compromise, the ATM or other device where card data is actually harvested.

"The sooner you can detect the compromise, the more you can reduce the amount of damage," said Ken Cooper, a product marketing manager for Gasper and one of the authors of the whitepaper.

Getting the upper hand

Cooper said that many of the more common forms of harvesting card data, including Lebanese Loop card traps and "ghost" overlays or parasite devices, result in very specific "tells" at the ATM.

For instance, a lack of transactions combined with a lack of ATM faults often indicates an overlay. A high number of repeated card reader errors are often a sign of a card trap scam.

In addition, Cooper said, the ATMs most frequently targeted for these scams share some common characteristics. For both Lebanese Loop and "ghost" overlay scams, thieves typically hit bank branch ATMs with high transaction volumes located in upscale areas. A motorized card reader and lack of a camera increase the odds that such scams will occur.

"The ATM is a very rules-based machine. It does a good job of alerting us to events outside of the norm," Cooper said. "It gives us a lot of information, but sometimes we choose to ignore it."

He said that ATM deployers can use management software to group their high-risk machines and then create thresholds to help identify suspicious situations, such as the lack of transaction/lack of faults combination.

Some software, such as Gasper's, allows deployers to account for factors such as time of day, which can be another fraud indicator. Both the Lebanese Loop and "ghost" overlay scams typically occur outside regular bank hours. Cooper said thieves using the Lebanese Loop frequently work around midnight, so that they can withdraw the maximum amount of cash allowed for two days rather than just one.

All systems down

Some management systems allow deployers to respond to fraud indicators with automated responses, ranging from dispatching a service technician to the site to shutting down the machine.

While some deployers may see shutting down an ATM as a drastic move, Cooper said sometimes it's the most appropriate decision. "If you had a skimmer sitting there for four hours before a service tech got there, hundreds of cards could be compromised at a high-volume site."

Major ATM manufacturers also are taking a more proactive approach to fraud prevention. Several have made modifications to their machines, adding features such as sensors in card readers to detect foreign devices.

Wincor Nixdorf has introduced a module with sensors that monitor the card reader's slot. If the sensors detect a foreign device, the machine shuts itself down until the device is removed, according to Saul Caprio, Wincor's director of U.S. business development. It then reboots itself when the device is removed.

Wincor also has added a mechanism that ensures that cards are drawn in completely by the reader and put out again to verify that the entire transport path is free. If a trapping device is detected, the ATM is shut down before the customer can enter a PIN. In addition, a steel mandrel blocks the card so that it cannot be removed until a service technician or other authorized person is dispatched to the machine.

"It might inconvenience the customer momentarily, but it's nothing compared to the inconvenience they could suffer if their card was stolen," Caprio said.

NCR also redesigned its card reader to detect the insertion of a foreign device. Rob Evans, director of industry marketing for NCR's Financial Solutions division, said the machine will generate alerts and deployers can opt to have the machine go into "sleep mode," or out of service, for a pre-determined amount of time. "If the machine goes down, chances are the bad guys are going to go away," he said.

Card readers in Diebold'snew Opteva line of ATMs are equipped with sensors that detect the insertion of a card trapping or card fishing device and report it to the host. The network or deployer can opt to shut down the ATM if a device is detected.

Opteva card readers also have an optional feature that physically prevents a card from being removed from the reader during normal operations.  If a foreign device has been inserted in the card reader that either makes the return of the card to the consumer or capture of the card by the terminal impossible at the completion of a transaction, the device prevents removal of the card until an authorized person can assist.

Diebold also modified the front of the card reader and recessed it into the front of the machine to help make the attachment of any foreign devices more obvious to ATM users. "It simply would not look 'right,' alerting the consumer that something was possibly wrong," said Diebold spokeswoman Tiffini Bloniarz.

Both NCR and Diebold use a feature called "jitter" on their motorized card readers, which changes the speed of the card as it enters the reader, making it difficult for thieves to get any usable card data. Once the card is detected over the internal read head, the jittering feature is disabled and a constant read speed is applied so that the card data can be read.

NCR has collected some anecdotal evidence that such features can help, Evans said. "We've seen fraudulent activity drop off at some machines with these features and then pick up at other machines in the area."

Included In This Story

Diebold Nixdorf

As a global technology leader and innovative services provider, Diebold Nixdorf delivers the solutions that enable financial institutions to improve efficiencies, protect assets and better serve consumers.

Request Info
Learn More

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf

Software
Top 10 ATM software solutions
Software
Examining the past, present and future of XFS
Commentary
ATM features: 5 to include
Special Report
2024/25 ATM & Self-Service Software Trends
Presented by KAL ATM Software GmbH
Recent Posts
Bolt unveils crypto rewards payment app
Viamericas partners with GCB for cash remittance service
OKI partners with Lip Data Systems to produce ATMs for Indian banks
Seven Bank to install 16K ATMs in FamilyMart locations
Bank of America announces AI assistant for employees


©2025 Networld Media Group, LLC. All rights reserved.
b'S2-NEW'