32 C
Saturday, June 22, 2024

Cards & ATM Measures to avoid ATM fraud

In the evening of December 11, 2016, we got an opportunity to have a tea session with Mr. Shah Azizul Islam, EVP & Head of Card & ADC Operations Unit, Dhaka Bank. He’s been working in the cards landscape for over 15 years.

During the interview, we asked about ATM card skimming, ATM tampering, card fraud activities, and how to avoid them.

“Card or ATM fraud isn’t new,” Shah said. What has changed, he said, is that “the technology of the miscreants is changing every year.”

“In ATM card skimming, miscreants usually use two devices to capture PIN and card data. The first one is used by placing it in the ATM where you insert your card. It extracts the required data from the magnetic stripe on your card. The second tool is a hidden camera used to capture images of the PIN being entered,” he said. But how do they then use those data without a valid card? “Once miscreants get hold of the stolen data, they use it to create a counterfeit card and use it with the captured PIN to access your account,” he explained.

However, mandatory Anti-Skimming device and PIN Shield installation at all ATMs of the country has been introduced and has effectively reduced the risk exposure.

But Banks and customers must both stay be vigilant at ATM transactions.

Innovative and technologically advanced attacks like ATM Cash-Out fraud or ATM Jackpotting capitalize on issuer’s and acquirer’s time zone differences, country holidays and other times when normal support and monitoring staff may not be available, or by loading malware to remotely gain control of ATMs. Banks should adopt globally-established security standards and practices such as PCI-DSS and ensure that effective policies, processes and reviews are in place to protect from such attacks.

Shah Azizul Islam also talked about what banks/Issuers may do as preventive measures. “Chip cards and PIN-based transactions are inherently safer than magnetic- stripe cards and signature-based transactions. And for online transactions, 2-Factor Authentication significantly reduces fraud risk. Issuers have to move in that direction,” said Shah.

“Customer awareness is another vital area. Banks must keep their customers aware about safe practices and promptly notify them through transaction alerts. Similarly, Banks must also educate and monitor their merchant relationships to ensure that customer protection is not compromised.”

“Banks should also keep close monitoring on their ATMs. Setting up necessary surveillance equipment with ample lighting to detect suspicious activity is a effective measure.”

All maintenance activity must be authenticated, monitored and documented. Unauthorized persons must not be allowed access to the ATM premises.

“Banks should inspect ATM booth on a regular basis. They should physically inspect all elements of the ATM Booths and document the same,” Shah stressed.

ATM Anti-skimming device and PIN Shield are mandatory measures to safeguard against card and PIN data theft. Banks must ensure these at all ATMs.

ATM Booth Security Guards should be properly trained and monitored. “ATM Booth security guards must be given proper instructions, training and posting rotation. Emergency contact numbers must be kept available to them.”

What should you look for when you inspect an ATM machine and booth, we asked. “Typically you look for anything irregular on the ATM or the Booth area, like stickers, labels and cords that are popping out inaptly or if anything looks like it’s been pulled or tugged inside the ATM booth. Also, you should get the security guard’s feedback regarding any suspicious activity observed by him” he said.

So, what happens when you discover a skimming device? “You must immediately inform the concerned authorities. They can also help you proactively mitigate any additional fraud that can stem from the skimming device,” Shah Azizul Islam said.

He also stressed that for fraud detection banks should verify that each of their card portfolios is protected by a fraud detection system. “There are a number of fraud detection tools available. Banks should consistently make use of such tools to detect and mitigate fraud risk.”

What should the card users do then? Shah said that, “First and foremost, developing an awareness about card security should be emphasized. Sometimes, some basic precautions can go a long way towards averting undesired consequences.”

“Keeping your Bank up-to-date on your contact information is very important. It helps you to stay informed about what’s happening in your account, and if you notice anything unexpected, you should promptly contact the Bank.”

“If you notice anything wrong or suspicious at an ATM, do not use that ATM. Inform your bank about it right away.

“If your card gets captured or stuck in an ATM, immediately ask your Bank to block your card.”

“Use familiar ATMs and limit your visit. ATM in dimly lit areas or used at late night could be more susceptible to fraud. And try to limit the number of your visits to the ATM and the time spent there – the more frequency, the more risk.”

“Do not let anybody else to assist you when making a transaction. If you need help, read the Instruction Board in the ATM Booth or call your Bank’s Contact Center for assistance.”

“Finish the transaction before leaving the ATM. Make sure that you’ve finished the transaction and removed your card before leaving the ATM. Some ATMs ask if you want “another transaction”. You must select “no” to close your card’s transactions,” he added.

Another simple way is to keep a close eye on your account balance. Customers can do this by monitoring their accounts regularly and detect unusual withdrawals or activity if they occur.

People should treat their cards like their cash – keep it in your own possession or under lock and key, without exception.
Even though this is common knowledge, Shah Azizul Islam, nevertheless, stressed on keeping the PIN secret: “Keep your PIN in your memory and never write it down or store it. Never let someone else enter your PIN for you or if you suspect someone knows your PIN, change the PIN immediately.”

“Also never disclose your debit or credit card information in response to an unsolicited email or request as e-mail is a widely used tool for perpetration of fraud,” he added.

Shah said that it is particularly important to be careful during online shopping: “Make sure that your account information is protected at the time of
online shopping. Use 2-Factor Authentication (One-Time-PIN) for all online transactions. Always logoff from any site after making an online purchase or if you can’t logoff, shut down your browser to prevent unauthorized access to your account information.”
Customers should also report in case of a stolen card, Shah said. “Report to your bank immediately if you lose your card, even if you think it’s only misplaced and you will find it later. This will prevent unauthorized transactions.”


Please enter your comment!
Please enter your name here

Related Articles


Cloud Computing Security Issues, Threats and Controls

Cloud Computing and service models  The official NIST definition (NIST 800-145) of cloud computing says, “Cloud Computing is a model for enabling ubiquitous, convenient, on-demand...
API and Open Banking

API and Open Banking: Way for New Service Innovation for Banks and FinTech Companies

The people who gathered at a hall room of a city hotel in last month had one thing in common—they all are working in...
ISO 2001

ISO 27002: 2022 Implementation vs Reality

After almost a decade, ISO27001: 2013 is going to publish its new iteration of ISO27001:2022 in second (2nd) Quarter this year1. But prior to...
Deepfakes: The Synthetic Media I want to believe

Deepfakes: The Synthetic Media I want to believe

What Are Deepfakes? A deepfake is a sort of "synthetic media," which refers to material (such as images, audio, and video) that has been modified...
The power of API platforms

The power of API platforms brings the open banking promise into sharper focus

Open banking is a global phenomenon whose merits are felt in virtually every time zone, including those in the Asia-Pacific region. In contrast to...
Blockchains Gaming and Collusion

“Blockchains: Gaming and Collusion- A Reading in Political Economy”:  Futuristic Exploration with Fact-based Analysis

In this digital age, it has become quite common for us to constantly remain mesmerized by fascinating technologies.  However, deeper thoughts about those technologies,...