Could You Spot An ATM Skimmer?
Around lunchtime last Sunday, 5 April, a Melbourne woman decided to get some cash out from an ATM in Station Street, Sandringham. She noticed something odd about the machine and reported her suspicions to police, who confirmed that a card ‘skimming’ device was attached to the machine.
The device consisted of a card reader that could scan and store the information on the magnetic strips of ATM cards, plus a plastic strip attached to the top of the screen, which contained a small video recorder to capture users typing in PINs.
Forget Eddie Furlong and his magic Atari; these two pieces of information are all organised criminals need to get “easy money”. In many cases, they simply return to an ATM and withdraw money using the customer details they’ve previously harvested.
If you’re anything like us, you don’t usually pay much attention to ATMs unless they are uttering those immortally infuriating words, “Insufficient Funds”, and you don’t inspect every transaction on your monthly statement. But you probably should, because ATM skimming has become increasingly prominent in Australia over the last few months.
These incidents are being linked to a global operation targeting Australia; Australian Federal Police are working with police forces in four states. In Perth, three devices have recently been discovered on Commonwealth Bank and BankWest machines. NSW Police believe as many as 40 Sydney ATMs have been tampered with, and one device in Cairns was discovered before it had captured any information.
In Melbourne, eight ATMs across the CBD and suburbs have been targeted since February. One device on an ANZ machine at 353 Elizabeth Street, Melbourne, was discovered in late March and is believed to have scanned about 5000 cards intermittently over the previous two months, netting almost $1 million.
Seven Romanian men have been charged over skimming offences: two in Sydney and five in Melbourne. Awesomely, an air-conditioning repairman unwittingly cracked the case when he was working in a Potts Point hotel room and found skimming equipment concealed in an air-conditioning duct. Victoria Police are now seeking public assistance to identify six more men photographed at ATMs around Melbourne.
ANZ spokeswoman Vanessa O’Shaughnessy told The Enthusiast that the bank’s security team worked very closely with police on the investigation, and acted quickly to refund money to over 400 of its customers.
“On discovering the device ANZ immediately identified and placed restrictions on the potentially affected customers’ cards and we have been contacting customers by phone to let them know and to replace their cards,” O’Shaughnessy said. ANZ monitors and notifies its customers of potentially suspicious transactions under its Falcon anti-fraud protection scheme.
“Also, we cooperate with all the other banks and the ABA [Australian Bankers' Association],” O’Shaughnessy added. “We have notified other banks where we believe their cardholders may have been affected. Non-ANZ customers who believe they may be affected by this fraud should contact their bank.”
Meanwhile, National Australia Bank spokeswoman Luisa Ford told The Enthusiast: “No NAB customer will be left out of pocket if they fall victim to genuine cases of fraud. We encourage our customers to contact us immediately if they suspect or detect anything unusual with their transaction accounts or credit cards.”
NAB ATMs are fitted with “Physical Skimming Protection” deterrent systems, along with other anti-skimming measures for detecting suspicious transactions. However, for security reasons the bank declined to give The Enthusiast further details of what these measures involve.
We also contacted Westpac for information on their approach to skimming, but they didn’t respond before deadline.
But how easy are skimming devices to spot? Several weeks ago, a guide to identifying them, prepared for internal Commonwealth Bank usage by protective security advisor Simon Grubisic, began circulating to the public via email. It can also be viewed online as a slide show.
Commonwealth Bank spokesman Steve Batten confirmed for The Enthusiast that this was a legitimate company document, and provided us with a slightly tweaked version intended for the public. However, Batten didn’t get back to us before deadline to explain where Commonwealth Bank customers could access the PDF file.
The Commonwealth Bank document advises that skimming devices are usually attached late at night or first thing in the morning, when there’s less foot traffic around the ATM. The criminal then either waits near the ATM and receives customers’ information as it is transmitted by the devices, or returns later in the day to retrieve the devices and download the information.
Skimming devices are piggy-backed on the card reading slot, and can be quite convincingly designed to blend in with the rest of the ATM. They range in size from small components that only cover the throat of the slot, to large ones that also include a false receipt slot.
However, some are hastily installed and can be spotted because they don’t appear properly attached to the machine. It’s also a dead giveaway if you approach the ATM and can’t see the flashing light that should normally show around the card slot. Most skimmer devices will obscure the light.
PIN capturing devices can be disguised in false panels on the flat sides and top of the machine, or within an entire false keyboard that records impressions from your fingertips. The additional panels contain tiny holes through which hidden cameras record. In one recent Australian case, the panel was improperly secured and a mobile phone fell out while a customer was using the ATM.
Other signs that an ATM has been fitted with skimming devices include odd scratches, marks, and adhesive or tape residues. If the slots, the lighting or the keypad don’t look or feel quite right, this may also be a giveaway.
But a criminal needs both your card data and your PIN to access your account. So as the ANZ’s O’Shaughnessy recommends, “A really, really simple way to get around it is to cover your hand when you put in your PIN.”