SHIMMING, NOT SKIMMING Savvy bank Fraudsters always a step ahead of technology.

Cyber crimes and ATM frauds are on the rise now. An in depth probe into this is the need of the hour. In Kerala, a lot of ATM's were hacked by international fraudsters and many lost their hard-earned savings. Due to the current demonetisation, more and more people are bound to make payments using their debit or credit cards.

But on analysing the safety aspect of the scenario many ATM'S in and around Chennai also revealed some glaring drawbacks. A majority of the ATM's had no security guards and some have hidden cameras that don't work. Some ATM's were located in places off the busy main roads making them vulnerable for fraudsters to commit their crimes without fear of being noticed with the alarming levels of International fraudsters on the rise. Recently three Romanian nationals were involved in hacking the ATM's in Kerala. The police managed to apprehend one of these culprits in Delhi and from his confession, it came to light the brain behind these hackings was done in Romania.

Banking frauds in Tamil Nadu is on the increase of late. Skimming, phishing, key-loggers and rainbow table attacks account for more than 90% of bank frauds, also based on recent reports Tamil Nadu comes second to Maharashtra in terms of skimming of debit cards, check tampering, tampering of ATM's and hacking of banking websites. But in case of bank theft and dacoity, there were less cases when compared to other states.

The credit card with the chip in your wallet is supposed to be safer than the old magnetic strip version. Skimming devices are a gold mine for thieves. One swipe is all they need to access all of the private details stored on the magnetic strip of your credit or debit card. That’s why the credit card companies introduced the new chip card with promises of greatly improved security. Although no matter how smart the chip cards are supposed to be, experts said some even smarter thieves may already be outwitting them. Hence no technology is perfect.

Scammers always find a way to compromise on chip security features to steal information stored on credit cards and bank cards. Through a new technique called “shimming”, a neighbouring friend of “skimming”, scammers no longer have to rely on external attachments on ATM's or credit card-readers. Shimmers are small enough to fit inside the regular card slot. They act as an interface between the chip reader and the chip in any card inserted into the reader. Once the card has been inserted, the shimmer will easily read the information on the chip as it is passed to the card reader.

In a recent encounter with a victim, "Rs. 33,500 was siphoned off my account at midnight. It was only early in the morning that I read the messages in my mobile where four withdrawals were made from my savings account which had a total of Rs 33,800," said Ashwin Suthanthiraraj, a student from D.G. Vaishnav College, Chennai. This was a clear case of cloning of debit card since of cloning of debit card since Ashwin had the original card with him. This is done by hackers who use card reader-writers from sites like Amazon and Flipkart.

"A magnetic card can be copied onto a dummy card with a card reader writer and a laptop. And when the debit card is swiped on the reader-writer, the software collects the data on the card. If the blank card is swiped, all the data is transferred to the blank card which becomes a clone of the original debit card”, said Amju Kurien, an ethical hacker.

Phishing has increased in the state wherein fraudsters dupe bank customers in getting their passwords, credit cards numbers etc. It is mostly the senior citizens that fall prey to this. "Somebody asked me over the phone the details of my card stating the bank wanted to transfer the pension amount of my father to my account. I promptly gave my details and the next day Rs 2,30,000 was siphoned off my account from somewhere in Haryana," said the late Nirmal Shekar, Sports Editor of The Hindu.

The fraudsters in this case tie up with the database providers so that they have details like your full name, father's name, date of birth etc. On enquiring an ICCI bank official, he said that these fraudsters manage to get the details of customers from database providers and use them to get past the security checks of banks while we look at other feasible methods.

The cloning of debit cards is another popular method used by hackers who do it with the help of card reader-writers. A magnetic card can be copied onto a dummy card and when the debit card is swiped on the card reader writer, all the data can be collected. If the data is transferred to the blank card moving on to Internal frauds are also another which are done by the employees who fail to achieve the targets set by the private banks.

Recently, an employee used unused credit cards to withdraw nearly Rs 30 crores. Since most banks have an incentive-based salary for employees, the culprits happen to be those who underperform. "Yes, there have been stray incidents before but the National Payments Corporation of India has come up with a lot to initiatives to counter fraud," said S. Mathew, Manger of Federal Bank. Most of the managers of private banks however refused to comment saying that the branch office has no say in this and it is for the corporate office to reveal any case of fraud. A check on non-performance employees could help to prevent this.

A personal account as registered by Mr. Rakesh Ravi, an employee with Microsoft, Hyderabad was shocked to find that Rs 2,00,000 was siphoned off his savings account. "I was in Hyderabad when I received the text message that 2 lakhs was withdrawn from my account from a person in Nigeria. I had raised a dispute for Rs 1,84,250 for transactions on my debit card without my consent. I had submitted all the required documents through the bank. In fact they only did the scanning of all documents and the ICICI Microsoft branch in Gachibowli, Hyderabad. I also attached my boarding passes too from Lagos to Dubai and Dubai to Hyderabad to prove that the fraud transactions had all happened just after I boarded the air plane", he added. Rakesh was later refunded the amount in a month's time as he had proof of being in a different country during the time when the transaction took place.

Due to such incidents, problems like this have now been rectified by banks. For instance, if your card has been used in Chennai, you can't use the card in Hyderabad within 40 minutes. "As soon as you receive a message in your mobile of any unauthorised withdrawals, rush to your nearby ATM and take a statement. This will act as proof that you were far away from the place where the fraudsters hacked your account," said Padmaja S, an officer at the Cyber Crime Cell. But despite all security measures, ATM frauds are still on the rise. "The reason for this is many ATM's are at secluded places which have no security guards," added Padmaja.

As per the data available by Reserve Bank of India, 13,083 cases were reported in India in 2014-15 and 16,468 cases in 2015-16 said P.P. Chowdhary, Minister of State for Law in the Rajya Sabha. Despite reminders from banks not to disclose their ATM pin numbers, online fraud continues to increase. "Crimes committed by fraudsters at the ATM's in Chennai are on the rise. We receive a lot of complaints a day", said a senior officer, at the cyber cell division. "Most banks refund the money after they receive our FIR provided the complaint is genuine", he added.

"In order to investigate this dispute, we require one to submit few documents in the nearest bank branch within 48 hrs such as the customer dispute form, a clear photo copy of your debit card, a photo ID proof, clear copies of complete valid passport or any proof of presence like-HR letter/Post Paid Bill/Hotel Stay Bill/Any bank transaction on the same day of unauthorised transaction. The reversal of the amount will be only be subject to the investigation report," says D. Madhavi, a customer service officer, ICICI Bank, Chennai.

On further analysis there was one instance when a person complained that his debit card was used for a purchase of Rs 40,000 without his knowledge. Enquiries revealed that the transaction was made near Stella Maris College. The police zoomed in on a girl studying in Stella Maris who happened to be a friend of the complainants daughter. On hearing this, the complainant's daughter revealed that she had handed the debit card to her to make a payment for an examination fee online along with other instances of near and dear one's misusing their parents debit or credit cards. Thus it is of prime importance that the pin numbers be frequently changed to avoid such frauds, in order to put an end to the fraudulent practices, banks are taking precautionary methods like switching from magnetic strips to EMV-enabled chip cards.

A check on non-performing employees of banks is also being monitored. It is also safe for individuals to take precautionary methods. One should not reveal his pin number, check transaction alerts immediately and inform the bank if you have not made the transaction and check whether any visible extra devices are attached to the ATM. Also, one has to watch out for suspicious movements of strangers at ATM's.

These security breaches have cost the banks more than Rs 2 crores. Banks are now taking evasive action like issuing new cards. A switch from magnetic stripe to EMV- enabled chips has also been made to reduce the risk. While we gather the necessary databased on the estimates from the National Payment Corporation of India (NPCI), customers have lost more than four crores. But most banks have said their systems were safe. The platforms these banks use for debit cards –Master-card, Visa and RuPay have also washed their hands off the crisis. The RBI guidelines state that any losses incurred by any customer on account of breach of security shall be borne by the bank.

Created By
Anjana Girish
Appreciate

Report Abuse

If you feel that this video content violates the Adobe Terms of Use, you may report this content by filling out this quick form.

To report a Copyright Violation, please follow Section 17 in the Terms of Use.