Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
ATM
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Card fraud === In an attempt to prevent criminals from [[shoulder surfing (computer security)|shoulder surfing]] the customer's [[personal identification number]] (PIN), some banks draw privacy areas on the floor. For a low-tech form of fraud, the easiest is to simply steal a customer's card along with its PIN. A later variant of this approach is to trap the card inside of the ATM's card reader with a device often referred to as a [[Lebanese loop]]. When the customer gets frustrated by not getting the card back and walks away from the machine, the criminal is able to remove the card and withdraw cash from the customer's account, using the card and its PIN. This type of fraud has spread globally. Although somewhat replaced in terms of volume by skimming incidents, a re-emergence of card trapping has been noticed in regions such as Europe, where EMV chip and PIN cards have increased in circulation.<ref>{{cite web |url=http://www.atmsecurity.com/articles/atm-fraud/atm-security-issues-atm-fraud-issues-by-geography.html |title=ATM Security Issues & ATM Fraud Issues by Geography | ATMSecurity.com ATM Security news ATM Security issues ATM fraud info ATM |publisher=Atmsecurity.com |date=2009-03-04 |access-date=2011-02-11 |url-status=dead |archive-url=https://web.archive.org/web/20101024215333/http://www.atmsecurity.com/articles/atm-fraud/atm-security-issues-atm-fraud-issues-by-geography.html |archive-date=24 October 2010 }}</ref> Another simple form of fraud involves attempting to get the customer's bank to issue a new card and its PIN and stealing them from their mail.<ref>{{cite web|url=http://venus.soci.niu.edu/~cudigest/phracks/phrack-08 |title=Archived copy |access-date=2008-03-13 |url-status=dead |archive-url=https://web.archive.org/web/20080724213440/http://venus.soci.niu.edu/~cudigest/phracks/phrack-08 |archive-date=24 July 2008 }} </ref> By contrast, a newer high-tech method of operating, sometimes called '''card skimming''' or '''card cloning''', involves the installation of a magnetic card reader over the real ATM's card slot and the use of a wireless surveillance camera or a modified digital camera or a false PIN keypad to observe the user's PIN. Card data is then cloned into a duplicate card and the criminal attempts a standard cash withdrawal. The availability of low-cost commodity wireless cameras, keypads, card readers, and card writers has made it a relatively simple form of fraud, with comparatively low risk to the fraudsters.<ref>{{cite web|url=http://www.snopes.com/crime/warnings/atmcamera.asp|title=Skimming with ATM Cameras : snopes.com|author=snopes|date=29 March 2016|work=snopes}}</ref> In an attempt to stop these practices, countermeasures against card cloning have been developed by the banking industry, in particular by the use of [[smart card]]s which cannot easily be copied or spoofed by unauthenticated devices, and by attempting to make the outside of their ATMs [[tamper-evident|tamper evident]]. Older chip-card security systems include the French [[Carte Bleue]], [[Visa Cash]], [[Mondex]], [[Blue from American Express]]<ref>{{cite magazine |url=http://www.fastcompany.com/magazine/56/wth.html |title=What the Hell Do Smart Cards Do? |magazine=Fast Company |date=2002-02-28 |access-date=2011-02-11 |url-status=live |archive-url=https://web.archive.org/web/20100701223645/http://www.fastcompany.com/magazine/56/wth.html |archive-date=1 July 2010 }}</ref> and [[EMV 96|EMV '96 or EMV 3.11]]. The most actively developed form of smart card security in the industry today is known as [[EMV 2000|EMV 2000 or EMV 4.x]]. [[EMV]] is widely used in the UK ([[Chip and PIN]]) and other parts of Europe, but when it is not available in a specific area, ATMs must fall back to using the easy–to–copy magnetic stripe to perform transactions. This fallback behaviour can be exploited.<ref>{{cite news |url=http://www.hindu.com/2006/05/19/stories/2006051920380300.htm |title=Tamil Nadu / Chennai News : Four more held in fake credit card racket case |date=2006-05-19 |access-date=2011-02-11 |location=Chennai, India |url-status=dead |archive-url=https://web.archive.org/web/20110810232850/http://www.hindu.com/2006/05/19/stories/2006051920380300.htm |newspaper=[[The Hindu]] |archive-date=10 August 2011 }}</ref> However, the fallback option has been removed on the ATMs of some UK banks, meaning if the chip is not read, the transaction will be declined. Card cloning and [[Skimming (credit card fraud)|skimming]] can be detected by the implementation of magnetic card reader heads and firmware that can read a signature embedded in all magnetic stripes during the card production process. This signature, known as a "MagnePrint" or "BluPrint", can be used in conjunction with common two-factor authentication schemes used in ATM, debit/retail point-of-sale and prepaid card applications. The concept and various methods of copying the contents of an ATM card's magnetic stripe onto a duplicate card to access other people's financial information were well known in the hacking communities by late 1990.<ref>{{cite web |author=Fredric L. Rice, Organised Crime Civilian Response |url=http://www.skepticfiles.org/hacker/phrack32.htm |title=Phrack Classic Volume Three, Issue 32, File #1 of XX Phrack Classic Newsletter Issue XXXII |publisher=Skepticfiles.org |access-date=2011-02-11 |url-status=dead |archive-url=https://web.archive.org/web/20101121231232/http://www.skepticfiles.org/hacker/phrack32.htm |archive-date=21 November 2010 }}</ref> In 1996, Andrew Stone, a computer security consultant from Hampshire in the UK, was convicted of stealing more than £1 million by pointing high-definition video cameras at ATMs from a considerable distance and recording the card numbers, expiry dates, etc. from the embossed detail on the ATM cards along with video footage of the PINs being entered. After getting all the information from the videotapes, he was able to produce clone cards which not only allowed him to withdraw the full daily limit for each account, but also allowed him to sidestep withdrawal limits by using multiple copied cards. In court, it was shown that he could withdraw as much as £10,000 per hour by using this method. Stone was sentenced to five years and six months in prison.<ref>{{cite web |author=Stephen Castell |url=http://itnow.oxfordjournals.org/cgi/content/abstract/38/6/17 |title=Seeking after the truth in computer evidence: any proof of ATM fraud? — ITNOW |doi=10.1093/combul/38.6.17 |publisher=Itnow.oxfordjournals.org |access-date=2011-02-11 |url-status=dead |archive-url=https://web.archive.org/web/20071012184756/http://itnow.oxfordjournals.org/cgi/content/abstract/38/6/17 |archive-date=12 October 2007 }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)