ATM Fraud & ATM Skimming


The ATM card is one of the benefits technology has brought to the banking industry, but it can also be disastrous if you are careless about the tips provided by your financial institution.

Your bank will always advise you not to reveal your banking details to a third party.

Your banking details include:

  • Your name
  • Your account number
  • Your ATM card number (16 digits)
  • Your ATM card expiry date (MM/YY)
  • Your CVV2 (3 digits at the back)
  • Your token-generated code
  • Your 4-digit ATM PIN

There are so many ways you can be tricked. In fact, I have received so many crooked emails, times without number, pretending to originate from GTBank, but in the end discovered that they were intended to scam me. Maybe you too have experienced what I described.

Those kinds of emails always land in the spam folder because:

  • There is a link in the email that will redirect you to their crooked website where you will be asked to supply your bank details.
  • There is a link that uses link shortening services.
  • At times their emails contain JavaScript or form code, and this is a sure way to get the email filtered.
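
An added example (not part of the original post): a small Python check for the three signs listed above, run over an email's HTML body. The trusted domain bank.example, the shortener list and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for illustration: a placeholder bank domain and a small sample
# of well-known link-shortening services.
TRUSTED_DOMAINS = {"bank.example"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

class _Scan(HTMLParser):
    """Collects link targets and notes any <script> or <form> tags."""
    def __init__(self):
        super().__init__()
        self.links, self.active = [], set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag in ("script", "form"):
            self.active.add(tag)

def _in_domains(host, domains):
    # Exact match or true subdomain; "bank.example.evil.test" does not match.
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_indicators(html_body, trusted=TRUSTED_DOMAINS):
    """Return (indicator, detail) pairs for the three signs in the list."""
    scan = _Scan()
    scan.feed(html_body)
    findings = []
    for href in scan.links:
        host = (urlparse(href).hostname or "").lower()
        if not host:
            continue  # relative or mailto: link, nothing to compare
        if _in_domains(host, SHORTENERS):
            findings.append(("shortened-link", host))
        elif not _in_domains(host, trusted):
            findings.append(("off-domain-link", host))
    findings += [("active-content", tag) for tag in sorted(scan.active)]
    return findings

# Constructed sample email body, not a real message.
SAMPLE = """<p>Update your account by clicking a link below.</p>
<a href="http://bank.example.account-verify.test/login">Update</a>
<a href="https://bit.ly/abc123">Details</a>
<form action="http://collect.test/p"><input name="pin"></form>
<script>var t = 1;</script>"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

The first sample link starts with the bank's name but belongs to a different domain, which is why the check compares the end of the hostname rather than searching for the bank's name anywhere in it.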

If, like me, you have read such an email in the spam folder, the message is always tailored to “update your account by clicking a link below” so as to prevent the account from being suspended.

Your financial institution will never send you an unsolicited email asking you to change or update your account details. Even if you do need to update your account, you can only do that by visiting your financial institution's website (with internet banking enabled on your account) or by simply walking in to any branch.

When using your financial institution's website, always make sure that the site uses SSL. What does SSL mean?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are the most widely deployed security protocols in use today. SSL/TLS provides a secure channel between two machines operating over the Internet or an internal network. In today’s Internet-focused world, the SSL protocol is typically used when a web browser needs to securely connect to a web server over the inherently insecure Internet.

Technically, SSL is a transparent protocol which requires little interaction from the end user when establishing a secure session. In the case of a browser for instance, users are alerted to the presence of SSL when the browser displays a padlock, or, in the case of Extended Validation SSL, when the address bar displays both a padlock and a green bar. This is the key to the success of SSL – it is an incredibly simple experience for end users.

As opposed to unsecured HTTP URLs which begin with “http://” and use port 80 by default, secure HTTPS URLs begin with “https://” and use port 443 by default.

HTTP is unencrypted and subject to eavesdropping: if critical information such as credit card details and account logins is transmitted over it, attackers who intercept the traffic can gain access to online accounts and sensitive information. Sending or posting data through the browser over HTTPS ensures that such information is encrypted in transit.

In practice, how is SSL used in today’s e-commerce and online services?

  • To secure online credit card transactions.
  • To secure system logins and any sensitive information exchanged online.
  • To secure webmail and applications like Outlook Web Access, Exchange and Office Communications Server.
  • To secure workflow and virtualization applications or cloud-based computing platforms.
  • To secure the connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.
  • To secure the transfer of files over HTTPS and FTP(S) services, such as website owners updating pages on their websites or transferring large files.
  • To secure logins and activity on hosting control panels such as Parallels, cPanel, and others.
  • To secure intranet based traffic such as internal networks, file sharing, extranets, and database connections.
  • To secure network logins and other network traffic with SSL VPNs such as VPN Access Servers or applications like the Citrix Access Gateway.

Financial institutions like GTBank periodically run campaigns telling customers to disregard any email instructing them to update their account by supplying their details.

Another strategy used to scam people involves the BVN (Bank Verification Number). This happens despite the CBN (Central Bank of Nigeria) sensitization on the need to be vigilant and to disregard any unsolicited emails and text messages asking bank customers to supply their banking information in order to get their account re-activated or to keep it from being suspended.

There are ways for bank customers to find out whether they have been properly enrolled on the BVN platform.

  • You can call your financial institution's CIS (Customer Information Service) or walk in to any branch and ask the CIS for your BVN if it has not been sent to you.
  • You can also use a mobile network service which attracts N10 per query by dialing the USSD code *565*0# on the mobile number used for the BVN exercise.

Again, please disregard any unsolicited emails and text messages asking you to send your banking details including your BVN.

The last issue I would like to share with my fellow Nigerians is ATM skimming. Have you ever wondered what ATM skimming is all about?

It is no longer new: it originated in the Western world and has spread to Nigeria over the past few years.

I was fortunate to be at one popular bank performing a transaction one day when a customer rushed in, walked straight to the CIS and started shouting, shedding tears and expressing how pathetic he felt: a debit alert of N70,000 had just come in on his phone, saying that he had just made a withdrawal from an ATM in Benin, Edo State, while he was right there in Lagos at the time the alert came in. Then I realized it was ATM skimming.

There is a possibility that his friend or someone else had access to his ATM card, got it cloned and also found out his password somehow.

ATM skimming is like identity theft for debit cards.

How does ATM Skimming Work?

Skimmers use hidden electronics to steal the personal information stored on your card and record your PIN number to access all that hard-earned cash in your account. That’s why skimming takes two separate components to work. The first part is the skimmer itself, a card reader placed over the ATM’s real card slot. When you slide your card into the ATM, you’re inadvertently sliding it through the counterfeit reader, which scans and stores all the information on the magnetic strip.

However, to gain full access to your bank account at an ATM, the skimmer still needs your PIN. That’s where the camera comes in: a tiny spy camera hidden on or near the ATM is positioned to get a clear view of the keypad and record all the ATM’s PIN action.

Some ATM skimming schemes employ fake keypads as an alternative to cameras to capture PINs. Just as card skimmers fit over the ATM’s true card slot, skimming keypads are designed to mimic the real keypad’s design and fit over it like a glove.

The skimmer has two options for retrieving the captured details: he can either control the device remotely through a mobile network or come physically to remove the device and download the details onto his computer.

These captured details are then written or copied to a blank ATM card using a magnetic stripe writer. This process is called ATM card cloning, and it means the skimmer now has a clone of your physical card, together with your password, in his possession.

The CBN has addressed this issue and has given a directive to all banks in Nigeria to install ATM anti-skimmers on their ATMs. The anti-skimmer is mostly the green plastic you see in the card slot.

You still need to protect yourself. How?

  • Beware when using ATMs located outside bank premises, such as at eateries, supermarkets, hotels, parking lots and gas stations, as there might be a skimming device installed on them.
  • Always pay attention to objects mounted on the ATM or located close by. A pinhole or off-color piece of plastic could give away the camera’s hiding place.
  • If you notice that the keypad on your ATM seems to protrude oddly from the surface around it, or if you spy an odd color change between the pad and the rest of the ATM, it could be a fake.
  • Some ATMs have a plastic shield to keep your PIN from being captured in case a skimmer has installed a camera right above the keypad. If there is no such shield, use your other hand to cover the keypad as you enter your PIN.
  • ATMs on bank premises are safer; nevertheless, apply these tips to safeguard yourself.
  • Never use your birth year as your password.
  • Change your password periodically.
  • Financial institutions are trying to curb this entirely, but skimmers are relentless in frustrating the banks' efforts, so you need to be informed.