By Nalin Wijeratne
Automated Teller Machine (ATM) attacks and fraud at ATM continue to be significant concerns for the bank card industry.
The recent ATM attack detected by the Criminal Investigation Department of Sri Lanka Police and reported on weekend newspapers as well as on all local TV channels is a typical ATM attack seen in other parts of the world.
The primary function of ATM is to dispense cash. The intended outcome of all ATMS fraud should be construed as the illegal procurement of cash or money value distributed via ATM network.
ATM crime is a problem being experienced globally; as high-tech professional criminals have realised the vulnerability of ATM networks, fraud has increased and is much more sophisticated.
The first ‘Lebanese loop’ devices, which are used to trap cards and money in the machine began to be used in 1994.This was followed by the first reports of externally compromised ATMs in 1998.
In recent years there have been a growing number of occurrences, where machines have been internally compromised as well as external skimming and video devices being used to capture magnetic stripe data and customer Personal Identification Numbers (PINs).
When it comes to ATM-based fraud, criminals are taking advantage of the proliferation of cash machines in unsuitable locations, which make them an appealing target for adding skimming devices to capture cardholder data. Criminals are also targeting ATMs in banks/Financial institutions that may not have adequate defences in place. They may not, for example, monitor their ATMS or be able to afford the sophisticated fraud detection technology necessary to identify patterns indicative of skimming and counterfeiting during card transactions.
The majority of the banks and financial institutions here that have installed ATMs have implemented the necessary security controls to mitigate ATM frauds. I strongly believe that another important mitigation method against ATM fraud is to educate the cardholders as to unusual activity when conducting a transaction at an ATM.
It is the responsibility of the banks and financial institutions to provide customer education to help cardholders identify fraudulent schemes before they are victimised.
Banks and financial institutions should stress the importance of awareness at the ATM to their customers and promote vigilance in reporting any irregularities in the appearance and operation of the ATM. Many cardholders use the same ATMs in their daily or weekly banking routines. Habitually using the same ATMs provides for familiarisation with the aesthetic of a unit. An attentive consumer who notices irregular objects or any attached notes suggesting unusual operating instructions should immediately report the discrepancy to their bank/financial institution.
Cardholders should contact their banks/financial institution if they suspect ATM tampering and shield the PIN pad during use to prevent any fraudster from knowing the PIN.
Cardholders should immediately notify their banks about an unauthorised ATM or debit card transaction on their account and carefully review their monthly account statements or use internet banking to monitor any uncommon activity on their account.
Countries throughout the world have proactively taken measures to prevent or limit ATM fraud attacks. This type of criminal conduct will continue to migrate from those countries where preventive measures have been implemented to those counties that have not yet implanted effective fraud/risk mitigation strategies.
(The writer is a member of the Panel of Experts to assist the Police in payment card fraud investigations in terms of the payment devices Fraud Act No. 30 of 2006, Past President of the Payment Card Industry Association of Sri Lanka and Consultant – NDB bank.)