ATM card is one of the benefits technology advancement has brought to the banking industry, but it can be disastrous if it is not being carefully handled because your fund is directly tied to it.
Your financial institution will send you periodic security tips on how you can effectively manage and protect your card from theft or any unauthorized use.
One of the security tips from your bank is never to disclose your card information to anyone.
Your banking details include:
- Your name: Mostly printed on the front side of the card
- Your account number: Not printed on the card
- Your ATM card number: This is the 16 digits printed on the front side of the card
- Your ATM expiry date (MM/YY): Printed on the front side of the card
- Your CVV2 (3 or 4 digits at the back): Printed at the back of the card
- Your token-generated code: This is used as an extra layer of security during a transaction authentication. Your token can either be a hardware or software token.
a. Hardware token is a hardware device that is synchronized with your account. To generate token value, you need to press the small button on it to display value after which the value gets reset in 30 seconds, or as the financial institution has programmed it.
- Your ATM (4 digit pin): This remains confidential to you. Avoid using your birth year.
There are so many fraudulent ways ATM card thieves can play tricks on you but you should never fall for any.
They can go to any length to call your telephone number which you have on file with your financial institution, and pretended to act as your bank. They are simply impostors.
If you are suspicious of their request, quickly hang up on them and call your bank account manager or customer support official telephone for clarification, to be forewarned is to be forearmed.
Impostors have called me several times to ask me to read out my full ATM card number and the validity period to enable them to block suspected fraudulent transactions originating from my account but I declined.
I knew my financial institution would never call me for such information. My bank would have automatically blocked any suspected fraudulent transaction on my account and subsequently sent me a notification by email.
Subsequently, your bank will send you a notification to urgently update your online banking login credentials if they feel your account has been compromised.
To date, I receive numerous phishing emails pretending to originate from my financial institution, I always send them to the spam folder.
Phishing emails are meant to reside in the spam folder because:
- There is a link in the email that will redirect you to a cloned website that looks like your financial institution, where you will be asked to log in with your credentials so that they could grab your details.
- There can only be one registered domain name used by your bank. Fraudsters will try to use a similar domain to get you into believing that you are logging into the real online banking portal.
If you managed to read the phishing email from the spam folder like me, their message is always tailored to “update your account by clicking a link below to prevent it from being suspended” or “click the link below to unblock your account” and many more.
They use many deceptive captions to get you to click and supply your data, after which the credentials are captured and your account compromised.
When using your financial institution’s website, always make sure that the site has a closed padlock. The closed padlock can be referred to as SSL.
What does SSL mean?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) is the most widely deployed security protocol used today. It is essentially a protocol that provides a secure channel between two machines operating over the Internet or an internal network. In today’s Internet-focused world, the SSL protocol is typically used when a web browser needs to securely connect to a web server over the inherently insecure Internet.
Technically, SSL is a transparent protocol that requires little interaction from the end-user when establishing a secure session. In the case of a browser for instance, users are alerted to the presence of SSL when the browser displays a padlock, or, in the case of Extended Validation SSL, when the address bar displays both a padlock and a green bar. This is the key to the success of SSL – it is an incredibly simple experience for end-users.
As opposed to unsecured HTTP URLs which begin with “http://” and use port 80 by default, secure HTTPS URLs begin with “https://” and use port 443 by default.
HTTP is insecure and is subject to eavesdropping attacks which can let attackers gain access to online accounts and sensitive information if critical information like credit card details and account logins is transmitted and picked up. Ensuring data is either sent or posted through the browser using HTTPS is ensuring that such information is encrypted and secure.
In practice, how is SSL used in today’s modern e-commerce enabled / online workflow and service society?
- To secure online credit card transactions.
- To secure system logins and any sensitive information exchanged online.
- To secure webmail and applications like Outlook Web Access, Exchange, and Office Communications Server.
- To secure workflow and virtualization applications or cloud-based computing platforms.
- To secure the connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.
- To secure the transfer of files over https and FTP(s) services such as website owners updating new pages to their websites or transferring large files.
- To secure hosting control panel logins and activity like Parallels, cPanel, and others.
- To secure intranet-based traffic such as internal networks, file sharing, extranets, and database connections.
- To secure network logins and other network traffic with SSL VPNs such as VPN Access Servers or applications like the Citrix Access Gateway.
Financial institutions have always embarked on periodic campaigns that you should disregard any email instructing you to update your account by supplying your details.
Another strategy to get people scammed is through BVN. The CBN has always engaged in sensitizing bank customers on the need to be vigilant and disregard unsolicited emails and text messages asking you to supply your information, in order to get your account re-activated or from getting suspended.
Another danger you need to watch out for is ATM skimming and how ATM skimmers operate.
What is ATM skimming all about?
ATM skimming is identity theft for prepaid, debit, and credit cards. This is when criminals place a hidden electronic device on the face of the ATM machine card slot to capture information of the card and record the pin when it is inserted unknown to the card owner.
ATM skimming is popular in the western world. ATM card skimming has been widely reported to have happened at gas stations. Few were also reported in stores that were perpetrated by corrupt employees.
ATM skimming is not trendy in Nigeria just yet but awareness must be raised to let you know how it works and how you can further prevent yourself from being a victim.
I was fortunate to be in one popular bank performing a transaction the other day when a customer rushed in and walked straight to the CIS and started making a scene. He complained how he got a debit alert of seventy-thousand naira (NGN70,000) amount which he never performed.
The troubled customer further explained the debit alert stated that the transaction was performed in Benin City of Edo State, Nigeria whilst he was in Lagos state at the exact time of the transaction.
The first thing that came to my mind was either he has been a victim of ATM skimming or someone deliberately stole and cloned his card.
ATM skimming exists in many versions.
- Your card information can be captured on a compromised ATM alongside your pin code.
- Your card information can also be captured by a corrupt employee if you use a PoS machine. How does this work? The corrupt employee secretly swipes your card against their card reader device after which the card information is replicated to a blank card.
How does ATM Skimming Work?
Skimmers use hidden electronics to steal the personal information stored on your card and record your PIN number to access all that hard-earned cash in your account.
Skimming requires two separate components to work.
The first component is the skimmer itself which captures the card information. The skimmer is placed on top of the ATM’s real card slot. When you insert the card, you are accidentally sliding it through the replica reader. This way, the replica reader scans and stores all the available information on the card via the magnetic strip.
Nevertheless, the skimmer needs your PIN code to be able to gain full access to your bank account, they simply insert a pinhole camera towards the ATM PIN pad to capture your input.
This captured PIN is then matched with the information on the skimmer and the time it was captured. That is how they sort the PINs for the captured cards.
Some ATM skimming schemes employ fake keypads as an alternative to cameras to capture PIN numbers. Just like the card skimmers fit over the ATM’s true card slot, skimming keypads are designed to mimic the keypad’s design and fit over it like a glove.
The skimmer has two options of retrieving the captured details, he can either control the device remotely through a mobile network or come physically to remove the device and download the details onto his computer.
These captured details are then written or copied to blank ATM cards through a match stripe writer, this process is called ATM card cloning which means the skimmer now has your physical card with your password in his possession.
Although, CBN has addressed this issue and has long given directives to all banks in Nigeria to install ATM anti-skimmer on their respective ATM machines. The anti-skimmer is mostly the green plastic you see on the card slot.
Tips To Help You Prevent ATM Card Fraud and Skimming
- If you have to use a POS machine in places like eateries, stores, gas stations, and so on, ensure your card is within your site during the whole transaction. This will help you to prevent your card from being swiped by a skimmer for identity theft.
- Before inputting your PIN on the POS machine, look back to ensure no one is looking over your shoulder to prevent card thieves from knowing the order at which your finger left a thermal signature on the keypads by using a thermal imaging device.
- Beware if you have to use ATM machines that are located outside bank premises like eateries, supermarkets, hotels, parking lots, and gas stations as there might be a skimming device installed on them.
- To further enhance the security of your card, it is ideal to use ATM Credit Card Holder.
ATM Credit Card Holder is known to be a good RFID blocker. This cardholder is made with high-quality stainless steel which is a good deterrent to block RFID signals that card thieves may want to use to steal your card information without your knowledge.
You can order the ATM Credit Card Holder and protect your cards from attack.
Card thieves have gone one step ahead in their hacking, you need to be on top of your game.
This process only involves the card thieve to install a credit card reader app on their smartphone. And with the help of NFC (Near Field Communication) technology, this process does not even need physical contact to steal your card identity.
- Another useful tip I have for you is to scrape off your CVV2 which is found at the back of your card. This way, shopping with your card is almost impossible with the CCV2 scrapped off.
- If you notice that the keypad on the ATM seems to protrude oddly from the surface around it, or if you notice an odd color change between the pad and the rest of the ATM, you need to avoid using it.
- Some ATM machines have blocking plastic above the PIN pad to shield your pin from being captured by any concealed camera. If the ATM you are using does not have this blocking plastic, simply use your other hand to block your PIN as you punch.
- ATM machines in the bank premises are safer but nevertheless, apply these tips to protect yourself.
- Whenever you are making a purchase with your ATM card online, do not use public Wi-Fi, your data could be harvested by hackers who may also be sitting on the wireless network to sniff data from unsuspecting victims.
- Never use your birth year as your PIN.
- Change your PIN from time to time
- Never allow your ATM card to go out of your sight whenever you are using a POS terminal. This way, you will prevent your card from being swiped over another card reader device.
- When you sign up for a free trial such as Netflix, Amazon Prime Video, or Hulu with your card, there is a chance that you will forget to cancel the subscription before the expiration date, hence, your card is charged and fund is debited by your bank. If you don’t want this to happen, you may want to use a utility card instead. You only fund the card when it is necessary.
- Some web services will secretly place you on recurring billing even though you did not enable it. Always use your utility card, or use an online service to create a virtual card that has insufficient funds in it.
Final Advice
Despite the emergence of EMV chip technology, credit and debit cards are still susceptible to card fraud and identity theft due to the magnetic strip used in them.
Internet is not a safe place, you need to be cautious when you are using your card. Debit card only has less security. And because it is directly tied to your bank account, it is better you don’t use it for online transactions, shopping, or paying via POS.
You can easily apply for a utility card from your bank. This way, if the hacker eventually has access to the card, you can only lose the fund in the card and not the fund in your bank account.
A utility card can help you to have peace of mind, you can easily manage your utility card by only transferring the needed fund to the card unlike a debit card, which has all your fund in it.
If you found this article helpful, please consider sharing it amongst your friends and family to help them understand more about how to better handle their cards.
Feel free to interact by using the comment box below.