How Fraudsters Conceal ATM FraudKnowledge of Bank Systems, Devices Aids Criminals
A recent ATM fraud scheme that targeted banks in New York, New Jersey and Connecticut illustrates just how sophisticated these types of attacks have become.
While the skimming devices and equipment used in these kinds of attacks have not changed much over the years, the criminals' methods have become far more sophisticated, experts say. For example, as fraudsters gain more knowledge about how banks and processors route and review ATM transactions, they can more effectively keep their schemes concealed.
On Nov. 6, federal authorities announced guilty pleas filed by two Romanian natives who helped orchestrate the tri-state skimming scheme that defrauded consumer bank accounts of more than $5 million. From 2012 to early 2013, Ioan Leusca, a.k.a. Ionel Spinu, and Dezso Gyapias installed skimming devices and pinhole cameras used to capture PINs as they're entered on a keypad at numerous ATMs, according to the U.S. Attorney's Office in New Jersey.
Leusca and Gyapias, along with other conspirators, then later used the card details they collected to create fake ATM/debit cards that were used to make fraudulent withdrawals.
Citibank ATMs were the primary targets for the fraudulent withdrawals, authorities say. Some $985,000 was withdrawn from Citi ATMs. Matt Riley, spokesman for the U.S. Attorney's Office, says other ATMs were likely targeted as well, although no other bank was specifically noted in his office's announcement of the guilty pleas.
Leusca and Gyapias admitted to the roles they played in collecting skimming devices from tampered ATMs after they had recorded card information. Each was charged with conspiracy to commit bank fraud and aggravated identity theft, court records show.
Each now faces a sentence of up to 30 years in prison and a $1 million fine for the bank fraud conspiracy charge and up to two years in prison and a $250,000 fine for the aggravated ID theft charge. Sentencing is scheduled for Feb. 20.
Eight others also have been charged as part of a wider scheme that included Leusca and Gyapias. Of those eight, seven have been taken into custody, authorities says.
Detecting the Fraud
Citi discovered the fraudulent ATM transactions and immediately took action, says Brent Andrew, a spokesman for the bank.
"We discovered the scheme through our regular security procedures, and we worked with the authorities throughout their investigation," Andrew says. "As is generally the case, none of the impacted customers are responsible for the fraudulent activity, and they have been made whole."
John Buzzard, who oversees FICO's Card Alert Service, says fraudsters are increasingly targeting specific banking institutions and brands to help conceal their attacks.
Thus, the quick detection and containment of these types of schemes can have a dramatic impact on subsequent fraud losses, Buzzard says.
"Fraudsters have been known to skim and then later sort out bank identification numbers (BINs) and utilize the cards for fraudulent ATM withdrawals at the issuer's proprietary ATMs," he says. "This form of subversion can distort the perception of the transaction, making it appear as normal, customer-initiated activity. Eventually, patterns form and the fraud is discovered and contained, but it might take longer and the losses could add up quickly if the criminals stick to lower dollar amounts and mimic more typical consumer withdrawal behavior."
One ATM fraud executive at a mid-sized regional bank in the Midwest, who asked not to be named, says attackers often return to the scene of the crime, targeting branches and off-site locations they've hit before.
"The fraudsters can be driven to ATMs where they have had success before, just like a normal customer. If their experience is good, they will return; if not, they will go elsewhere," the executive says. "Also, different ATMs, whether controlled at the hardware or processor-software level, can dispense different amounts. The fraudsters often know this information and usually target heavy-volume ATMs that usually have more funds."
Skimming Attacks to Increase
Experts expect skimming attacks to increase in over the next 18 to 24 months as the United States' migration toward enhanced payment-card technology that complies with the Europay, MasterCard, Visa standard ramps up (see ATM Malware: Sign of New Trend?).
That's because this migration will eventually lead to far less use of magnetic-stripe cards, which are more vulnerable to skimming. Until then, banking institutions should encourage customers to cover ATM keypads when entering their PINs and to notify their banks and credit unions immediately if they notice anything unusual, such as something attached to the ATM, experts say.