Skimmers Target Bank Branches

Fraudsters More Prone to Hit ATMs in Lobbies and Vestibules
Skimmers Target Bank Branches
The U.S. Attorney's Office in Houston has brought charges against four men for stealing more than $400,000 as part of an ATM skimming scam targeting local banks.

Albert Richard of Missouri City and Jason Michael Lall, John Pierre Griffin and John DaSilva Paz, all of Houston, have been charged with conspiracy to commit bank fraud and two counts of access device fraud.

The suspects' modus operandi: Spray painting or obstructing bank surveillance equipment so that they could place skimming devices without detection. In fact, Richard was busted after his image was caught on camera, just before he spray-painted the surveillance equipment at a Houston JP Morgan Chase bank branch to install a skimming device over the machine's card reader.

The news comes just one month after federal authorities indicted a separate crime ring for its alleged involvement in a $1.5 million ATM skimming scheme that targeted Citibank and Chase branches in New York, Chicago and Miami. [See 4 Charged with $1.5M ATM Skimming.]

Lobby ATMs: An 'Inside' Job

Though the Houston case did not clarify whether the compromised ATMs were located in vestibules, lobbies or drive-up lanes, other recent cases highlight the vulnerability of on-site or branch ATMs to skimming.

While most banking institutions focus their anti-skimming attention on unattended ATMs, such as those located at off-site locations like convenience stores or islands, these recent schemes prove that ATMs in plain sight, at the branch, could be the fraudster's best target.

"While it's common practice now for many branches to periodically perform a physical check of their ATM, to ensure that it has not been tampered with, few expect the PIN pads within the branch to be targeted," says Julie McNelley, a banking and payments fraud analyst at Aite Group. This highlights the need for FIs to be variable in their fraud-mitigation efforts, to the extent possible, making it more difficult for criminals to predict likely countermeasures."

A similar skimming scheme last year, which also targeted branch ATMs, at TD Canada Bank proves fraudsters are good at beating the odds.

Mike Lee, CEO of the ATM Industry Association, says bankers should not overlook the possibility that many of these recent attacks have an inside connection. "We wrote best practices for prevention of insider fraud, because we know there are sometimes forms of collusion," Lee says. "I am not sure if there was any collusion in these cases, but it does reinforce the need for bank branch staff to be educated about ATM security, now, more than ever, because of the nature of organized international crime." [See Insider Threats: Great and Growing.]

An International Crime

ATM skimming remains the world's No. 1 ATM crime, and ATMIA is pushing for stiffer sentences for all skimming offenses, including the mere possession of skimming equipment.

Part of the problem: ATM crimes are still considered white-collar, meaning the sentences they carry are often light, relative to the losses financial institutions and their customers and members suffer, says Chuck Somers, vice president of ATM Security and Systems for Diebold Inc., one of the world's top three ATM manufacturers. "It's estimated that organized criminal networks have grown to about 15 percent of the total world economy," Somers says. "Why? Because the stakes are low and the payoff high."

Pointing to last month's $1.5 million ATM scheme, which involved a crime ring from Romania, Ducey says organized crime groups are focusing their attention on developing technical sophistication that exploits vulnerabilities, such as those evident at branch ATMs. "We expect that industry regulations will continue to increase to ensure that the proper safeguards are put in place to reduce the loss to the industry and focus on protecting personal identification information," he adds.

Lachlan Gunn, who heads up the European ATM Security Team, says the brazenness of criminals in all of these cases should serve as a wake-up call to U.S. banks and credit unions.

"These criminals appear to have been bolder than is normal, i.e., placing skimming and PIN compromise devices inside bank branches," he says. "This must raise questions about branch security and staff awareness and training. Why did it take so long to catch them? The placement of card skimming devices at bank lobby door openers is very old news in Europe. To counter this, many European banks have simply removed such devices altogether."

But until U.S. institutions enhance security, European cardholders will likely continue to suffer from skimming, as international crime rings improve their techniques.

"[It's] another example of organized European gangs going to the U.S. because of the success of EMV implementation in Europe and other parts of the world in reducing skimming-related losses," he says. "The U.S. has no plans to do the same. These guys have perfected card skimming techniques in other markets and now appear to be hitting the U.S., as a 'soft' target." [See Europol's Organised Crime Threat Assessment, which states that 80 percent of fraud incidents hitting cardholders in the European Union is committed in the U.S.]


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.