- ATM skimming is a theft of card information, where a small device, known as a skimmer, is used to steal the information during a legitimate ATM transaction.
- As the card is swiped at the machine, the skimmer device captures the information stored on the card’s magnetic strip.
- A device designed to look like and replace the card insertion slot: The skimmers, which cannot be usually spotted by an untrained eye, have circuitry that read and store the data on the magnetic strip of an ATM card even as the ATM processes the same data.
- Pinhole cameras: Typically, fraudsters also install pinhole cameras in inconspicuous places like the top of the cash dispenser, the deposit slot or just above the keyboard. This steals the PIN for the card.
- In some cases, criminals have also used a fraudulent PIN pad fitted with a skimming device and placed atop the original pin pad.
- Days after installation, criminals recover the skimming machines and cameras and collect the stolen data, and decode the PIN for a card.
- In one case, in Thiruvananthapuram, data were collected remotely in wireless mode from the skimmer and camera.
- Using stolen data, the criminals clone ATM cards and use these in different cities; at other times, they transfer the data to associates, or sell the data to other gangs.
- In September 2017, an alert cash loading agent found illegal devices attached to a Kotak Mahindra Bank ATM in Bengaluru.
- Police ordered bank authorities across Bengaluru to check for similar devices at other ATMs.
- The police found a similar skimmer and mini-camera installed at a Kotak Mahindra ATM at the Bengaluru international airport.
- CCTV footage revealed that the same persons had installed the skimmer and camera at the two kiosks, 40 km apart.
- The Karnataka CID laid a trap at the two ATMs.
- Romanian national Dan Sabin Christian, 40, and Hungarian national Mare Janos, 44, who had arrived in India for the first time on a tourist visa on September 1, 2017 and were due to leave on September 19, were arrested when they entered one of the ATMs to retrieve a skimmer and camera they had installed.
- The two were earlier caught in Jamaica for a similar offence, CID officials said. During interrogation, they claimed they were working for a UK-based operator of a gang involved in stealing ATM card data while travelling in foreign countries.
- In 2018, Christian and Janos jumped bail in Bengaluru and disappeared without facing trial.
- The modus operandi of the two men matched that used by gangs that had been involved in data theft at ATMs in Thiruvananthapuram in 2016, and in Hyderabad and Mumbai in December 2017.
- Thiruvananthapuram: In the Thiruvananthapuram case, one of the suspects, Gabriel Marian, 27, was arrested in Mumbai.
- Investigations showed skimmers and cameras were planted at ATMs in Thiruvananthapuram, data were collected in wireless mode at a nearby hotel, and cards were cloned; these were later swiped in other parts of India where the gang travelled on their travel visas.
- Hyderabad: In the Hyderabad case, four Romanian nationals were found involved.
- They came to India in December 2017 and targeted Mumbai and Hyderabad.
- After installing skimmers and miniature cameras at various ATMs without guards, they cloned over 500 debit cards and withdrew Rs 35 lakh, including Rs 1 lakh from one account of a Hyderabad resident.
- The gang allegedly utilised the services of another gang, of Nigerian nationals, to covert the money into euros and transfer it to Romania through Western Union.
- The Cyberabad Police identified the gang through CCTV cameras.
- Kolkata: Last month, the detective department of the Kolkata police arrested three Romanian nationals for installing skimmers and cameras at two ATMs.
- Small towns: These types of cases are being reported from even small towns. There are even Indian gangs involved.
- With most ATMs being unguarded these days and with cash loaders being rarely observant regarding illegal attachments to ATMs these cases seem to be on the rise.
- In the Delhi case, local criminals are suspected.
- Among Indian gangs found involved, a majority seem to either buy data on the dark web and clone cards, while some steal data themselves by installing tiny skimmers on card swipe machines at commercial establishments.
- Prevetion of skimming is possible with –
- the alertness of people who load cash in ATMs and bank officials who can spot any illegal devices planted in ATMs;
- posting guards at ATMs;
- installing machines that do not facilitate installation of cameras and skimmers; and
- use of new high-security bank cards that have facilities against theft of data through skimming.
- Spotting a skimmer: Spotting a skimmer is a rather easy task. All you need to do is check the ATM machine prior to using it. The card reader section might be extended than usual on a machine that has been tampered. If a keypad on the ATM seems to protrude oddly, check the keypad for it might be a fake.
EMV chip cards
- Banks are in the process of replacing the existing magnetic strip debit and credit cards with latest EMV chip cards, to comply with Reserve Bank of India guidelines.
- As part of its security measures for transactions where you swipe your card, RBI in May 2015 asked banks to gradually phase out the magnetic cards and move to EMV chip cards. In August that year, it set December 31, 2018 as the deadline for the changeover.
- What is it?
- EMV chip technology is the latest global standard for card payments.
- EMV is an acronym for Europay Mastercard and Visa, who developed this technology.
- EMV cards are chip-based payment cards with enhanced safety features that are designed to prevent fraudulent practices such as card skimming and cloning.
- How they work?
- Magnetic tape vs. chip: The old credit and debit cards store your data on the magnetic stripe found on the reverse side of your card. This makes it easy for a fraudster to copy your data when you swipe the card.
- EMV cards, in contrast, store your data on a microprocessor chip embedded in the card.
- This means that the card generates fresh user data every time you transact, making it impossible for fraudsters to copy your original data from your card.
- Secret PIN: The other feature of EMV cards is that they use both your card and a secret PIN to complete a transaction.
- When you use your EMV credit or debit card at a terminal, it generates a unique encrypted code called a token or cryptogram, which is unique and specific only to that transaction.
- It cannot be used another time. The token is generated from a combination of information contained in the chip and that in the terminal.
64total visits,2visits today