Recent ATM skimming arrests in Washington State show not just how the U.S. Pacific Northwest is cracking down on fraud, but reflect trends that are common in many regions, law enforcement officials say. [See New ATM Skimming Arrests.]
Better yet for financial institutions: The Seattle crimes reveal patterns and cues that can help institutions better detect and prevent ATM fraud in their own backyards.
"The police are getting savvier about this kind of crime," says Robert Kierstead, assistant special agent in charge of the Seattle office of the Secret Service, who spoke with BankInfoSecurity about the Seattle skimming sting.
Seattle Fights BackOver the last three years, skimming attacks waged against ATMs and pay-at-the-pump terminals in Seattle and its surrounding suburbs have exploded.
"Some of the departments in the area, in Kirkland, Washington and Bellevue, have been conducting these investigations since 2008," Kierstead says. "Most of the suspects are foreign nationals, Romanian, Bulgarian and from other countries. We think some have traveled from Southern California, and that's why we're seeing more incidents here now."
Earlier in Sept., federal authorities arrested three suspects in Seattle for their alleged involvement in separate ATM skimming schemes that drained more than half a million dollars from retail customer accounts in at least six states.
Beneyam Asrat G-Sellassie, 22, of Seattle, Ionut Buzbuchi, 55, of Renton, Wash., and Mihai Eleckes, 35, of Issaquah, Wash., were charged for their alleged involvement in schemes that skimmed bank card details from ATMs, as well as card-readers used to access ATM vestibules outside branch lobbies. They also are thought to have recorded PIN details with miniature cameras installed near terminals and entry-access points.
Two more men were arrested and charged for their alleged involvement in yet another ATM skimming case that is believed to be connected to the theft of more than $1 million from area bank accountholders. [See 2 More ATM Skimming Suspects Jailed.]
Ismail Sali and Eugen Tirca, arrested Sept. 14, appeared in U.S. District Court on Sept.19, facing charges for possession of access device equipment. If convicted, each could face 10 years in prison and a $250,000 fine.
"Throughout the course of these investigations, authorities have seized forms for making card skimmers, fake face plates for ATM machines, gift cards, and electronic equipment for encoding stolen account data onto the cards," says U.S. Attorney Jenny A. Durkan, who chairs the Justice Department's Cybercrime and Intellectual Property Enforcement working group.
Authorities, during their raid of Sali and Tirca's residence in the Seattle suburb of Kirkland, also found documents tying Sali to defendants who had previously been arrested and prosecuted for skimming activity.
"We were running investigations for some time, and then we began to tie a lot of the evidence together," Kierstead says. "We did have a series of arrests that we were working on, and then some bank officials and retailers noticed some suspicious activity, and it all came together at once."
Kierstead can't say with certainty why Seattle has become such a target for skimming. "I know this is a very affluent area," he says, and that likely made the area attractive to fraudsters.
What he can say with certainty is that law enforcement is getting serious about cracking down on skimming crimes. "These PDs, whether in Bellevue or Redmond or Kirkland, etc., if they get a call about suspicious activity, they move quickly on it."
When authorities arrested G-Sellassie, he was trying to use counterfeit cards at a Chase Bank branch ATM. Chase security personnel caught him on surveillance and immediately contacted authorities.
Kierstead says ATM video surveillance also led to an arrest in December at a bank in Redmond, another Seattle suburb. "We have good surveillance, but surveillance is not watched in real-time," he says. "It's usually only watched when you suspect something suspicious."
6 Tips for Fighting the FraudstersA few things stand out about all of the incidents that led to the Seattle arrests. Banking/security leaders in other regions are urged to take these tips into consideration:
- Fraudsters are Savvy to Surveillance - The fraudsters know banks and credit unions don't watch surveillance footage in real-time, and according to the modus operandi used in the three separate schemes authorities in Seattle brought to light this month, criminals are using that knowledge to their advantage.
- Incidents Occur Quickly - In the case of Sali and Tirca, ATM surveillance video at a U.S. Bank branch caught two suspects believed to be Sali and Tirca placing a skimming device and then removing it three hours later. "Most of the time, the people conducting these kinds of schemes are putting the device on and then removing it in a couple of hours," Kierstead says. "It's expensive equipment, so don't leave it there too long. Other times, they remove it because they just have to replace batteries."
- No Wireless Technology - Wireless or Bluetooth technology were not used in any of the known Seattle incidents. All of the confiscated devices were programmed to locally store card details. "I think this method is used more often because it is safer," Kierstead says. "If they have to stay around the area, to collect the card numbers with a wireless connection, it's more dangerous for them."
- Branch ATMs Preferred - In all of the cases, drive-up, walk-up and vestibule ATMs were the targets. Easy access, high transaction volumes, relative to off-premises or retail ATMs, and the ability to manipulate the terminals after-hours made them prime targets. In the G-Sellassie and Buzbuchi-Eleckes cases, the schemes involved skimming bank-card details at ATMs as well as at card-readers used to access ATM vestibules.
The method proved effective for G-Sellassie, whom authorities believe is connected to more than 20 skimming incidents in Washington, Oregon, California and Nevada - incidents that likely compromised as many as 1,800 accounts and affected 573 accountholders through fraudulent ATM withdrawals and debit purchases. Losses so far total more than $394,000.
- Certain Makes Targeted - Criminals also are believed to be targeting certain ATM makes and models. Buzbuchi and Eleckes, who have been on law enforcement's radar since 2009, allegedly waged skimming attacks in Washington, Idaho and Arizona, where they targeted BECU, Watermark Credit Union, First Tech Credit Union and Chase ATMs. The losses attributed to their alleged scheme are believed to total more than $160,000.
"They do surveillance on an ATM before they hit it. They spend time making the facades to match the ATMs, so there is a limited number of facades they can make," Kierstead says. "I would say those banks all probably had similar equipment, since it would be easier for them to hit those banks with the facades they had created."
- Merchants Can Help Detect Fraud - Much of the fraudulent activity that hit accounts was perpetrated via debit purchases, especially in the Sali-Tirca scheme. Sali and Tirca were reportedly caught by retail surveillance using counterfeit cards for grocery purchases at Safeway and Albertson's. They were even brazen enough in some cases to tap their loyalty cards for purchases they made with stolen card details.
It's not likely those retail locations were not checking Sali's and Tirca's driver's licenses or I.D.s to confirm the names on the cards and the names on the I.D.s matched. Even a double-check of the loyalty card to the card number would have raised a red flag. "We don't believe they had created fake I.D.s to match details of the stolen cards," Kierstead says, though Sali and Tirca did have known aliases. "But I don't believe checking with the I.D.s at the time of purchase was a common practice."