Tuesday, February 12, 2013

Modus Operandi - The International ATM Card Scam






People withdrawing money from automated teller machines (ATM) are instinctively on their guard against anyone peeping from behind and seeing their bank details. What they don't know is that the threat may have been in front of them all along.


Millions of pesos have been lost by customers of domestic banks to an international syndicate that specializes in duplicating the cards—and capturing the personal identification number (PIN)—of unsuspecting ATM cardholders, according to banking industry executives.


In an interview with the Inquirer, the bank officials revealed details of a massive "card-skimming" operation that they said was first observed in 2011 and had gradually peaked toward the end of 2012.


The problem became so widespread that the three main ATM networks operating in the country—Expressnet, Megalink and Bancnet—joined forces late last year and agreed to jointly implement measures to combat the scam. Some banks have voluntarily recalled the ATM cards of clients whose accounts were suspected to have been compromised and replaced them with new cards.


Nestor Tan, president of BDO Unibank, the country's largest bank, described the modus operandi of the syndicate or syndicates. "The syndicate surreptitiously installs card readers on ATM machines, just on top of the slot where you (insert) your card. To the untrained eye, you will think this is just part of the machine," Tan said. "At the same time, they install minute cameras on top which records the client’s keystrokes when he enters his PIN," he added. "Within a few hours, they can have a duplicate card and withdraw money from your account," he said.


An official of the Expressnet ATM network said that investigations initiated by the local banking industry all point to an international organized crime network aided by locals. "Based on our investigations, these activities were traced abroad to some Taiwanese, Malaysians, Sri Lankans and even Bulgarians," said Mike Bernabe, the Expressnet vice president for operations.


Using the information captured by the illegally installed card readers from the ATM cards, the syndicates are able to make balance inquiries and know exactly how much to withdraw. Most accounts are cleaned out within hours via multiple withdrawals, since the syndicates also know the transaction limits for each account.


The exact amount of cash that has been lost to this syndicate has not been fully quantified but the president of another large local bank estimates the value to be in the "millions of pesos" since the scam began. The devices that are used to read the ATM cards' magnetic strips—where crucial account data are stored—are innocuous-looking and can even be bought from vendors over the Internet, Tan explained.


Bernabe said that local banks have managed to seize some of these illegal devices and have sent them overseas for further investigation. "We sent some of the devices abroad to MasterCard because they have more sophisticated technology that can decipher the data," he said, adding that the initial findings pointed to a foreign-based operation.


According to bank officials, one indication that the operation is based overseas is the fact that some foreign-issued ATM cards that fell prey to this scam were reported to have experienced subsequent withdrawals abroad. "They know when the ATM or credit card [when used for a cash advance] is from abroad because the withdrawals are made abroad," said another bank official who asked not to be named.


The problem has also reached the regulators at the Bangko Sentral ng Pilipinas, which has reminded banks to strengthen their security procedures. "We are aware of this situation and have alerted banks about it," said BSP deputy governor Nestor Espenilla Jr. "Advisories are also periodically issued to remind the public," he said.


According to Pascual Garcia III, president of Philippine Savings Bank (PSBank), one of the country's largest savings banks, the industry first became aware of the syndicates’ modus operandi in late 2011. "Now we have deliberate measures to control that. One is by installing covers on ATM keypads to prevent [the syndicates] from being able to take videos of the passwords [when executing the keystrokes]," he said.


In an effort to get in front of the problem, local banks and their ATM networks have implemented measures to help prevent card-skimming. "We are now installing what we call fraud-detection inhibitors," said Expressnet's Bernabe. "This is the green plastic device you see on the ATM machine which prevents the installation of a card reader."


He said the three ATM networks have also agreed to install "PIN shields" on their machines which are basically contraptions meant to cover the keypad from any video recording device that could be installed around the ATM. Bernabe also pointed out that some banks have made it a practice to deactivate the international interconnectivity of the ATM cards they issue to prevent fraud. Instead of cards being automatically activated for use abroad, some clients now have to specifically ask their banks to activate this feature before they travel abroad.


One troublesome issue for local banks is whether they should cover the losses of clients who are victimized while using the ATM machines of other banks, some of which may not have installed the appropriate security measures. "Sometimes, compromise settlements are made in situations like those, although we hear that these compromise settlements are growing in number," Garcia said.


Some local banks have moved proactively, contacting clients whose cards are suspected to have been compromised, and replacing their ATM cards with new ones. "If we suspect that you have been victimized, we contact you and replace your card right away," said BDO's Tan.


Source: Philippine Daily Inquirer

0 comments:

Post a Comment