Criminals are embracing methods to trap debit and credit cards in ATMs for retrieval later, a move believed to be motivated by better security measures designed to ensure card details are not copied at the machines, according to an industry group.
The so-called "cash trapping" activities surged in 11 European countries for the first six months of this year, according to the European ATM Security Team (EAST), with members including banks, card associations and law enforcement. EAST's survey covers more than 385,000 ATMs in 23 European countries.
The rise in cash trapping contributed to a near doubling of recorded ATM fraud attacks, EAST said. A total of 11,220 incidents were reported through the end of June, compared to 6,649 attacks for the first six months of last year.
Of the attacks this year, some 6,756 were due to cash trapping. While the number of incidents increased, EAST said the type of fraud is still just 0.4 percent of fraud-related losses, amounting to less that €500,000 (US$690,000). EAST said total ATM fraud amounted to €112 million.
Cards can be trapped in ATMs in several ways. One method is to put a device on the machine that uses tape, wire or thread in order to hold a card in. Criminals can then retrieve cards using tweezers. The PIN can be obtained through observation or by putting an overlay device on the keypad that can record PINs.
For the same period, "skimming" attacks -- or ones where the magnetic stripe of a card is copied for encoding on a dummy card -- fell by 33 percent, to the lowest level in three years, EAST said. Many banks have retrofitted ATMs to make it more difficult to unobtrusively attach devices to the ATM to record the card details. Banks have also added warnings to avoid ATMs that may appear to have been tampered with.
Card trapping may prove less fruitful to criminals than skimming, because the victims immediately loses their cards and are likely to quickly get in touch with their banks.
But if a card is skimmed, bank customers are unaware. If victims fail to check their bank statements, a criminal could repeatedly withdraw money once at day at the card's limit until it is cancelled or the bank's anti-fraud systems determine something is fishy.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.