By Launce Moses
Last week we looked at the tricks commonly used by ATM fraudsters, such as phishing, shoulder surfing and social engineering. This week we will delve deeper into the more sophisticated tricks used.
Skimming is a process where the magnetic stripe (magstripe) on the back of your card is copied using a skimming machine. The major source of skimming is merchant establishments, where you hand over your card to the merchant and in some instances the card is taken out of your sight for a moment.
It is during this period that the fraudster is likely to copy the data from the magnetic stripe of your card, having watched you enter your PIN when he brought the terminal across to you. Restaurants, hotels and bars are the most common places where these types of transactions occur, and skimming is likely to take place with assistance from dishonest employees. With the card details and the PIN, the fraudster is able to prepare a counterfeit card that is used to defraud the account.
More sophisticated skimming fraud occurs when a fraudster attaches a skimming device to the receptacle that receives the card at an ATM. This device is configured to look like a part of the ATM. The PIN is observed by a member of the fraud ring or, in the more sophisticated crimes, captured by a camera fixed by the fraudster in such a way that the key pad is tracked. This sophisticated type of ATM fraud is popular at off-site ATMs, where there is less security around the ATM.
Banks are, however, able to detect it nowadays through the use of Fraud Early Warning Systems (FEWS), which have the capability to data mine the transactions from a defrauded account over a period of time to arrive at the possible points of compromise.
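The sketch below is an added illustration of this kind of data mining, not code from the article or from any bank's system. It takes the genuine transactions made on defrauded cards in the weeks before the first fraudulent debit and ranks the terminals those cards have in common; the card labels, terminal IDs, dates, 30-day look-back and 50% threshold are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data (card, terminal, date); not real transactions.
HISTORY = [
    ("card_A", "ATM-042", date(2024, 1, 5)),   # too old to count for card_A
    ("card_A", "ATM-017", date(2024, 3, 1)),
    ("card_A", "POS-200", date(2024, 3, 5)),
    ("card_B", "ATM-017", date(2024, 3, 3)),
    ("card_B", "POS-311", date(2024, 3, 4)),
    ("card_C", "ATM-017", date(2024, 3, 2)),
    ("card_C", "POS-200", date(2024, 3, 6)),
    ("card_D", "POS-200", date(2024, 3, 2)),
    ("card_D", "POS-311", date(2024, 3, 7)),
    ("card_E", "POS-200", date(2024, 3, 3)),
    ("card_E", "ATM-042", date(2024, 3, 8)),
    ("card_F", "POS-200", date(2024, 3, 4)),
]
# Constructed: date of the first confirmed fraudulent debit on each defrauded card.
FIRST_FRAUD = {
    "card_A": date(2024, 3, 20),
    "card_B": date(2024, 3, 22),
    "card_C": date(2024, 3, 25),
}

def points_of_compromise(history, first_fraud, lookback_days=30, min_share=0.5):
    """Return (terminal, share_of_victims, victim_rate) rows, most suspicious first."""
    window = timedelta(days=lookback_days)
    victims_at, cards_at = {}, {}
    for card, terminal, day in history:
        cards_at.setdefault(terminal, set()).add(card)
        fraud_day = first_fraud.get(card)
        # Only genuine use shortly before the first fraud can explain the compromise.
        if fraud_day is not None and fraud_day - window <= day < fraud_day:
            victims_at.setdefault(terminal, set()).add(card)
    rows = []
    for terminal, victims in victims_at.items():
        share = len(victims) / len(first_fraud)         # victims who used this terminal
        rate = len(victims) / len(cards_at[terminal])   # how many of its cards were hit
        if share >= min_share:
            rows.append((terminal, round(share, 2), round(rate, 2)))
    # A busy merchant has a high share but a low rate; a skimmed terminal scores high on both.
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))

if __name__ == "__main__":
    for row in points_of_compromise(HISTORY, FIRST_FRAUD):
        print(row)
```

In this constructed data every defrauded card used ATM-017 shortly before the fraud, while POS-200 appears mainly because most customers shop there.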
There are a few simple precautions that can help you to avoid falling prey to skimming.
1. Never let your card out of your sight. If you are in a restaurant, ask for the Point of Sale (POS) terminal to be brought to your table.
2. Always shield the key pad while entering your PIN.
3. When you use the ATM, check that the card slot does not have any attachment – most ATMs look similar. If you are uncomfortable, use another ATM.
At present, there is little evidence to suggest that skimming is prevalent in Nigeria. However, to be forewarned is to be forearmed!
Hacking – Online Purchases
The internet is now frequently used to make purchases and other transactions where the card is not physically presented to the merchant. These transactions are called Card Not Present (CNP) transactions.
All that is required for a purchase over the internet, email or telephone is your card details and PIN. Some cards have an additional 3- or 4-digit security code on the back which is used on such transactions.
The site where you use your card to make purchases may not be a secure site, and any data that you enter onto that site could be compromised. In more sophisticated hacking crimes, websites of genuine and high-profile merchants have had their systems hacked, with fraudsters stealing thousands of customers’ card data in one attack. This data is then used either to prepare counterfeit cards or for further web purchases.
To protect against this type of theft, do not visit web sites that are not ‘secure’. Look for sites that have a ‘Verified by Visa’ or ‘MasterCard SecureCode’ sign, for example. If you are unsure of a site, avoid making that purchase.
Carding is a process where the fraudster tries to verify the card details that are in his possession through making a small transaction, typically on the web, to check if the card details are genuine and that the card is not closed. Quite often a charitable institution website is used and a small charitable contribution is made by the fraudster. Once the transaction is successfully consummated, the fraudster knows that the card account is active and proceeds to defraud the account.
This is a common occurrence today, where a number of websites are continuously used by fraudsters to break into customer accounts. Sometimes, the fraudster may only have the card number but not the PIN details, and he keeps trying out different combinations in an attempt to guess the PIN. Alternatively, the fraudster uses the mobile platform instead of the internet to complete the carding process.
This highlights the need to use a PIN that is not easy to guess. And yes – your year of birth is not a strong PIN! Next time you visit the ATM, change the PIN to a stronger PIN that is difficult to guess.
Launce Moses, Group Director, Audit & Control, United Bank for Africa Plc