[sbinews] Living And Fighting With ATM Frauds (Financial Express)

  • From: "Rajendra S. Pai" <rspai9@xxxxxxxxx>
  • To: sbinews@xxxxxxxxxxxxx
  • Date: Sun, 20 Jun 2004 20:47:16 -0700 (PDT)

Living And Fighting With ATM Frauds  
(Financial Express) 
Posted online: Monday, June 21, 2004 at 0000 hours IST

 The number of automated teller machines (ATMs) have
gradually increased over the past 2-3 years, in
keeping with the consumers? demand for convenience.
For a bank, opening and operation of an ATM helps in
curtailing costs normally incurred by it on bank
transactions. With this increase in the number of
ATMs, however, the negative side of technology ?
frauds ? have also gained predominance. Information
about such frauds is not new in India. What needs a
looking into is what is being done to prevent such
frauds: both on the part of the bank and on the part
of the vendor, who provides technology and networking
for the ATM. 

Types of Frauds
There are many ways by which a customer can be
defrauded. There is the ?Skimming Fraud?. In this kind
of fraud, a fake card-reader is fitted into the ATM
machine. When a customer enters the card in this
card-reader, it captures his card information and
sends it via remote wireless technology to a laptop
stationed nearby. When a person enters her PIN, a
hidden camera captures this on video and transmits it
to the laptop. The fraudster now has the card details
and also the PIN number. 

Another frequently-perpetuated fraud is the ?Lebanese
Loop Fraud?. Here, a magnetic tape along with a hook
is attached inside the card-reader. When the customer
inserts her card, the hook blocks his card inside the
machine. The scamster on the pretext of offering help,
suggests that the customer enter her PIN a couple of
times. Once the customer leaves the ATM, without being
able to get her card, the scamster removes the
magnetic strip and the card. This together with
information about the customer?s PIN number is used to
defraud her. 

?Shoulder Surfing? is very easy especially in a
country like India, where ATMs are crowded. Sometimes
even basic rules like standing behind the yellow line
are dis-regarded. 

?Web Spoofing? or ?Phishing?, is a fairly recent fraud
where a criminal sets up a fictitious web site which
looks authentic to the user. This can also be
accompanied by an email with a link to the fictitious
site. The victim is requested to give her card
identity number, PIN and other information which is
used to reproduce the card for use at an ATM. 

Wherever there is an electronic channel, there is
bound to be some misuse of it. As of now, there is no
clear-cut regulation governing ATMs in the country.
Unlike in the US, where ATM frauds are covered by an
e-fraud regulation, in India they are treated as a
general criminal act 
Safety Measures
In such a scenario, what are the safety nets
available? Education of customers is the most obvious
answer. When it comes to technology, the most basic
safety measure is the installation of digital cameras
in ATMs. The camera records details of card number,
transaction number, date and time of transaction on
the hard-disk of the ATM. 

Therefore, when the bank wants to check details of a
fraud, all it has to do is go back to the transaction
and view data. Second is having a security guard at
the ATM. The guard, however, has very little authority
since the ATM is in a public access area. The most he
can do is to ensure that a person leaving an ATM with
cash is not assaulted. 

The third would be the use of privacy filters,
especially at ATMs which are placed outside. The use
of such screens prevents a person standing behind a
customer from seeing her transaction information from
the sides. A privacy panel could also be installed in
such ATM?s by which other people can?t see the PIN
number a customer is using. 

How many of these measures are actually being
followed? Less than 50 per cent of all banks ? public,
private, foreign ? even have basic facilities like a
digital camera say industry sources. So, in case of a
fraud, who bears the blame? ?It is a very thin line,?
says Euronet Services Pvt India Ltd?s managing
director, Loney Antony, adding, ?If it relates to some
security issue in the ATM which has been overlooked by
the vendor, he obviously bears the responsibility.? 

However, considering India is leap-frogging in
technology, there is complete encryption of messages,
encryption of hardware and software to ensure that
there is no negligence on the part of the vendor.
?What we must keep in mind is that a fraud, if done,
will be done to outsmart existing technology,? notes
Mr Antony. 

Officials at Standard Chartered Bank which has 117
ATM?s witness an average footfall of 150-200 per day.
?All our ATMs have digital cameras. There is a hotline
which the customer can use to call the bank. None of
our ATMs are situated outside. The chances for fraud
are very minimal at the moment in India,? says an
official at the bank. 

NCR India ensures that all the technologies it
provides are compliant with global standards.
?Although, we provide the technology, it is up to
banks whether they want to enable their ATMs or not,?
says NCR India managing director Deepak Chandnani. 

At present, some of the anti-fraud technology that
they provide in India are encrypted PIN Pads, which
encrypt data directly behind the PIN pads and
?Enhanced Shutter Security? which detects if there is
something inserted that keeps the card reader shutter
open when it should be closed. Another technology,
which is currently under R&D, is the use of mobile
infra-red technology. With the help of a mobile phone,
now all a customer has to do is to use his mobile at
an ATM center to withdraw cash. This will ensure
convince, speed and most of all security. 

The smart-card is being mooted as another anti-fraud
technology. According to officials at MasterCard,
smart-cards will have an in-built feature on the chip
which will ensure that the card is genuine and has
been issued by the bank. Further, multi-chip cards can
carry applications amongst which one of the
applications can be used to authenticate the
cardholder. An example of this is biometric
verification such as finger print, iris profile, voice
or even face recognition. This technology is, of
course, still under research and considering the huge
costs involved, it may take a considerable period of
time before banks in India are able to implement them.

At present, accounting for only around 0.2 per cent of
all transactions in the country, ATM frauds may not
seem like a cause for concern. 

However, as S2S Consulting managing director Sunil
Udupa says, ?It would not be wrong to say that ATM
frauds have gained prominence in India in the last one
year. Where there is an electronic channel, there will
be some misuse of it. As of now, there is no clear-cut
regulation governing ATMs in the country. Unlike in
the US where ATM frauds are covered by an e-fraud
regulation, in India they are treated as a general
criminal act governed by the IPC. It is better to
prevent such crimes at the outset itself.? 

Web Address: http://rspai.tripod.com

Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
Mailing list (sbinews@xxxxxxxxxxxxx) related information:

News/articles about SBI and Banking related matters published  in the print 
media, Internet etc will be circulated through this Mailing List. 

The messages in this list will help in improving awareness of SBI and its 
activities vis-a-vis the happenings in the Banking industry. This should be of 
help to all staff members of SBI, particularly those who are preparing for 
promotional written tests/interviews/group discussions. Subscription to this 
Mailing List is simple and FREE. Please check the procedure below. Please share 
this information with other colleagues/branches that could be interested in 
subscribing to this Mailing List. 

The messages circulated here should not be deemed to have the official 
endorsement of the SBI or any of its employees. The correct factual position 
may be ascertained from official sources. 

To join this mailing list, just send an email to sbinews-request@xxxxxxxxxxxxx 
with the word 'subscribe' without the quotes in the subject of the email 

To leave this mailing list, just send an email to sbinews-request@xxxxxxxxxxxxx 
with the word  'unsubscribe' without the quotes in the subject of the email 

Archives (old messages) are available for viewing at:
Click on the month-year at the lower left corner to view messages posted during 
that month. 

This is an announcements/newsletter type mailing list i.e. only the Moderator/s 
can post messages to the list. 

This mailing list is maintained and moderated by Sri. R.S.Pai, currently 
working as Chief Manager(IT-Internet Banking), SBI, Corporate Centre, Mumbai. 
Visit http://rspai.tripod.com for some useful Banking, Reference and Utilities 

Other related posts:

  • » [sbinews] Living And Fighting With ATM Frauds (Financial Express)