Email: info@tecplix.com
Common ATM Scams And How To Avoid Them
Common ATM Scams And How To Avoid Them
Biswajit Sahu
Security Analyst
23 December 2022

Why ATM based fraud so common nowadays?

ATM fraud security nowadays entails more than simply shutting the keypad while inputting a PIN. Many criminals hack into and break into ATMs in order to steal consumers’ credit card and account information. Criminals utilize the cards to rapidly remove funds from the account after getting the PIN number.

ATM crimes are classified as follows:

Cash shimming:

  • The distinguishing characteristic of a card shimming device, which is often performed by inserting the foreign device between the customer’s card and the contacts of the card reader, is the data stored on the chip on the customer’s card
  • A fraudster’s use of a card shimming device allows for a variety of attacks, including obtaining magnetic strip equivalent data, relaying, and other man-in-the-middle attacks

Card skimmer:

  • Skimming is the theft of electronic card data, which allows the thief to clone the card
  • Consumers go through a typical ATM transaction and are frequently unaware of an issue until their account is robbed
  • At the ATM, the card data and PIN are recorded and utilized to create clone cards for further cash transactions
  • It is the most serious threat in the world, but owing to the implementation of anti-skimming solutions, EMV technology, and contactless ATM capabilities, it is no longer the most serious threat

Logical Assaults: (ATM malware/ cash-out attack/ jackpotting)

  • A cybercriminal can use an ATM to execute unauthorized software (Malware) or approved software in an unlawful manner
  • The virus is controlled onsite through the ATM’s PIN Pad or remotely over the network
  • They either deploy the ATM software stack on-site or remotely over the network
  • Malware may incorporate anti-detection, reverse engineering, and unauthorized usage characteristics
  • On-site installation can be accomplished by gaining access to unsecured communication ports such as USB or booting an unauthorized operating system
  • It may also have a secure deleting function. Depending on the type of virus, the cardholder may witness a regular transaction (SW-Skimming and MitM) or the ATM may be out of service or destroyed

MitM:

  • The ATM PC’s contact with the acquirer host system is targeted in order to misrepresent host answers and distribute cash without debiting the criminal’s account

Keypad jamming:

  • The fraudster glues or inserts a pin or blade at the buttons’ edges to jam the ‘Enter’ and ‘Cancel’ buttons
  • A consumer who fails to hit the ‘Enter/OK’ button after inputting the PIN believes the machine is broken
  • Attempts to ‘Cancel’ the transaction also fails
  • In many situations, the client departs and is soon replaced by the fraudster at the machine. A transaction is active for around 30 seconds (20 seconds in certain circumstances), and he can proceed with the withdrawal by removing the glue or pin from the ‘Enter’ button
  • The cardholder’s loss is restricted, however, by the withdrawal limit and the fact that only one transaction is permitted without swiping the card again and entering the PIN

Jackpotting:

  • Controls the dispensing mechanism in order to “Cash Out” the ATM

Physical Attacks:

  • This category includes any effort to rob an ATM of cash in the safe. Physical assaults, as well as the removal of the ATM and subsequent use of various techniques to obtain entry to the safe
  • Personal attacks on users to obtain money are extremely widespread these days

Eavesdropping:

  • A cyber thief installs a foreign gadget on an ATM in order to steal information from a customer’s card
  • This is often accomplished through the use of a wiretap, sniffing the card reader’s capabilities, or connecting to a magnetic read head within the card reader
  • The exploitation of the legitimate card reading capabilities of the card reader to record the customer’s card data is the distinguishing feature of an eavesdropping device

Card Trapping:

  • Trapping is the theft of the actual card itself via an ATM-attached device
  • At the ATM, the card is physically captured, and the PIN is compromised

ATM Safety Tips:

  • Keep your credit card in a safe place
  • The card shouldn’t have the PIN number put on it
  • Your card must not be used by anybody else
  • Never reveal your PIN number to anybody else
  • Don’t let strangers help you at an ATM. Wait until you can ask a bank employee for assistance
  • If someone is standing too close to you at the ATM, request that they move
  • If something suspect appears at the ATM you want to use, find another one
  • Inform the bank right away if the ATM consumes your card
  • All banks provide a tollfree phone number at the ATM for this purpose; make a note of this number in case you require it
  • Cards that are lost or stolen must be reported right away
  • Keep your account, PIN, and the bank’s HELP-line phone numbers in a secure location
LinkedIn Feeds

JAYAKRISHNAN MENON
Co-Founder

Jayakrishnan is the perfect personification of a highly-skilled technology professional, turning out to be a versatile business leader, over the 25 years of his career span.

During the late ’90s, in his early years in the Indian Navy, he was pivotal in building and operating the best-in-class Network & cybersecurity solutions for the Naval Commands, apart for designing and implementing networking & wireless infrastructure and communication technology for Naval Air stations & Naval Aircraft carriers. Later in his corporate career, Jay has been instrumental in running and transforming globally dispersed IT operations, comprising of millions of endpoints and thousands of technology professionals, leading the entire Program Delivery, Technology Adoption and the Digital transformation. In Tesco Fresh & Easy – his past employers – he has led the design and implementation of complex and enterprise-wide IT Transformation Projects worth Millions of Dollars – And adding a feather to his coat of excellence, he has worked as the Head of Data Centre, Platforms and IT Security for QuEST Global Engineering – world’s Third largest engineering Services organisation. Jay has also been integral part of designing, building and transforming the global IT Infrastructure & mobility solutions across multiple Geographies, for various fortune 100 Organisations.


At Tecplix, as the co-founder and Director, Jay’s charter would be to lead and grow the Consulting Practices and the Technology Services Business. His focus areas would be Cyber Security, Hyper-Converged Platforms, AI, Dev Sec Ops, Advanced Cloud Services, Data Centres, Mobility, Automation, and IT Service Management, as Tecplix is well poised to lead large scale Consulting and Managed Services engagements in these areas.

Being a technology enthusiast, Jay spends most of his leisure time, bringing himself up-to-date on latest in the ICT domain. Jay is married to Reshmi and is the proud father of Suthirth.