NOTE: SBINEWS DOES NOT PERMIT CIRCULATION OF ATTACHMENTS. ATTACHMENTS, IF ANY, CIRCULATED WILL BE ONLY BECAUSE OF VIRUSES. PLEASE,THEREFORE, IGNORE ATTACHMENTS IF ANY IN SBINEWS MESSAGES ************************************************************************ Living And Fighting With ATM Frauds (Financial Express) SUNANDA JAYASEELAN Posted online: Monday, June 21, 2004 at 0000 hours IST The number of automated teller machines (ATMs) have gradually increased over the past 2-3 years, in keeping with the consumers? demand for convenience. For a bank, opening and operation of an ATM helps in curtailing costs normally incurred by it on bank transactions. With this increase in the number of ATMs, however, the negative side of technology ? frauds ? have also gained predominance. Information about such frauds is not new in India. What needs a looking into is what is being done to prevent such frauds: both on the part of the bank and on the part of the vendor, who provides technology and networking for the ATM. Types of Frauds There are many ways by which a customer can be defrauded. There is the ?Skimming Fraud?. In this kind of fraud, a fake card-reader is fitted into the ATM machine. When a customer enters the card in this card-reader, it captures his card information and sends it via remote wireless technology to a laptop stationed nearby. When a person enters her PIN, a hidden camera captures this on video and transmits it to the laptop. The fraudster now has the card details and also the PIN number. Another frequently-perpetuated fraud is the ?Lebanese Loop Fraud?. Here, a magnetic tape along with a hook is attached inside the card-reader. When the customer inserts her card, the hook blocks his card inside the machine. The scamster on the pretext of offering help, suggests that the customer enter her PIN a couple of times. Once the customer leaves the ATM, without being able to get her card, the scamster removes the magnetic strip and the card. This together with information about the customer?s PIN number is used to defraud her. ?Shoulder Surfing? is very easy especially in a country like India, where ATMs are crowded. Sometimes even basic rules like standing behind the yellow line are dis-regarded. ?Web Spoofing? or ?Phishing?, is a fairly recent fraud where a criminal sets up a fictitious web site which looks authentic to the user. This can also be accompanied by an email with a link to the fictitious site. The victim is requested to give her card identity number, PIN and other information which is used to reproduce the card for use at an ATM. Wherever there is an electronic channel, there is bound to be some misuse of it. As of now, there is no clear-cut regulation governing ATMs in the country. Unlike in the US, where ATM frauds are covered by an e-fraud regulation, in India they are treated as a general criminal act Safety Measures In such a scenario, what are the safety nets available? Education of customers is the most obvious answer. When it comes to technology, the most basic safety measure is the installation of digital cameras in ATMs. The camera records details of card number, transaction number, date and time of transaction on the hard-disk of the ATM. Therefore, when the bank wants to check details of a fraud, all it has to do is go back to the transaction and view data. Second is having a security guard at the ATM. The guard, however, has very little authority since the ATM is in a public access area. The most he can do is to ensure that a person leaving an ATM with cash is not assaulted. The third would be the use of privacy filters, especially at ATMs which are placed outside. The use of such screens prevents a person standing behind a customer from seeing her transaction information from the sides. A privacy panel could also be installed in such ATM?s by which other people can?t see the PIN number a customer is using. How many of these measures are actually being followed? Less than 50 per cent of all banks ? public, private, foreign ? even have basic facilities like a digital camera say industry sources. So, in case of a fraud, who bears the blame? ?It is a very thin line,? says Euronet Services Pvt India Ltd?s managing director, Loney Antony, adding, ?If it relates to some security issue in the ATM which has been overlooked by the vendor, he obviously bears the responsibility.? However, considering India is leap-frogging in technology, there is complete encryption of messages, encryption of hardware and software to ensure that there is no negligence on the part of the vendor. ?What we must keep in mind is that a fraud, if done, will be done to outsmart existing technology,? notes Mr Antony. Officials at Standard Chartered Bank which has 117 ATM?s witness an average footfall of 150-200 per day. ?All our ATMs have digital cameras. There is a hotline which the customer can use to call the bank. None of our ATMs are situated outside. The chances for fraud are very minimal at the moment in India,? says an official at the bank. NCR India ensures that all the technologies it provides are compliant with global standards. ?Although, we provide the technology, it is up to banks whether they want to enable their ATMs or not,? says NCR India managing director Deepak Chandnani. At present, some of the anti-fraud technology that they provide in India are encrypted PIN Pads, which encrypt data directly behind the PIN pads and ?Enhanced Shutter Security? which detects if there is something inserted that keeps the card reader shutter open when it should be closed. Another technology, which is currently under R&D, is the use of mobile infra-red technology. With the help of a mobile phone, now all a customer has to do is to use his mobile at an ATM center to withdraw cash. This will ensure convince, speed and most of all security. The smart-card is being mooted as another anti-fraud technology. According to officials at MasterCard, smart-cards will have an in-built feature on the chip which will ensure that the card is genuine and has been issued by the bank. Further, multi-chip cards can carry applications amongst which one of the applications can be used to authenticate the cardholder. An example of this is biometric verification such as finger print, iris profile, voice or even face recognition. This technology is, of course, still under research and considering the huge costs involved, it may take a considerable period of time before banks in India are able to implement them. At present, accounting for only around 0.2 per cent of all transactions in the country, ATM frauds may not seem like a cause for concern. However, as S2S Consulting managing director Sunil Udupa says, ?It would not be wrong to say that ATM frauds have gained prominence in India in the last one year. Where there is an electronic channel, there will be some misuse of it. As of now, there is no clear-cut regulation governing ATMs in the country. Unlike in the US where ATM frauds are covered by an e-fraud regulation, in India they are treated as a general criminal act governed by the IPC. It is better to prevent such crimes at the outset itself.? ===== From: R.S.Pai Web Address: http://rspai.tripod.com __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail *************************************************************************** Mailing list (sbinews@xxxxxxxxxxxxx) related information: News/articles about SBI and Banking related matters published in the print media, Internet etc will be circulated through this Mailing List. The messages in this list will help in improving awareness of SBI and its activities vis-a-vis the happenings in the Banking industry. This should be of help to all staff members of SBI, particularly those who are preparing for promotional written tests/interviews/group discussions. Subscription to this Mailing List is simple and FREE. Please check the procedure below. Please share this information with other colleagues/branches that could be interested in subscribing to this Mailing List. The messages circulated here should not be deemed to have the official endorsement of the SBI or any of its employees. The correct factual position may be ascertained from official sources. To join this mailing list, just send an email to sbinews-request@xxxxxxxxxxxxx with the word 'subscribe' without the quotes in the subject of the email message. To leave this mailing list, just send an email to sbinews-request@xxxxxxxxxxxxx with the word 'unsubscribe' without the quotes in the subject of the email message. Archives (old messages) are available for viewing at: //www.freelists.org/archives/sbinews Click on the month-year at the lower left corner to view messages posted during that month. This is an announcements/newsletter type mailing list i.e. only the Moderator/s can post messages to the list. This mailing list is maintained and moderated by Sri. R.S.Pai, currently working as Chief Manager(IT-Internet Banking), SBI, Corporate Centre, Mumbai. Visit http://rspai.tripod.com for some useful Banking, Reference and Utilities Links