“ATM fraud is growing around the globe, with massive attacks being orchestrated abroad in recent years using malware and coordinated cyber schemes to steal millions.” –ATM Fraud, Increasingly Organized, Aite Group, November 2016
Skimming at ATM terminals is on the rise. Criminals place a device over an existing card reader to record card data, which is then transferred to another card to make fraudulent purchases. News coverage has shown that no city, state, or region is immune. From 2014 through 2015, FICO noted a 546% increase in the number of U.S. ATMs that were compromised overall, with skimming the top culprit.*
This isn’t something Synergent is only hearing about – we have responded to skimming attacks. Rebekah Higgins, Vice President of Payment Services, has become a frontline responder, resource, and educator on ATM skimming and what measures credit unions can take to protect their members:
1. Install anti-skimming software on ATM terminals.
Installing anti-skimming software allows for quick detection of any modifications made to a terminal’s card reader. However, installation is not the last step. Continue to conduct regular tests to ensure it is working properly. Synergent Payment Services can assist your credit union in consulting with the best software vendor for your needs.
2. Inspect your ATM terminal regularly.
Check for obvious signs of tampering at the top of the ATM, near the speakers, the side of the screen, the card reader, and the keyboard. Look for anything that seems different, such as a different color or material, graphics that aren’t aligned correctly, or anything else that seems off. While monitoring throughout the day is proactive, there have been instances where placement and removal of the devices occurred around branch hours. It may also be beneficial to conduct reviews outside of regular branch hours.
3. Watch your ATM security footage.
Regularly review your security footage taken at the terminal. Watch for the angle, clarity of the images, and adjust cameras if necessary to ensure they are in the best position to capture activity at and around each terminal.
4. Review for suspicious activity.
In addition to watching footage taken from the ATM terminal, watch footage taken around them for situations where it appears as though a patron is manipulating anything on or around the ATM. For drive-up ATMs, monitor non-vehicle activity. Fraudsters have been known to install devices on foot or bicycle.
5. Work with your security vendor.
Determine the options currently available to your credit union, such as settings that can be modified to only capture image when there is activity. By streamlining your security protocols, managing your security can be made easier.
6. Limit your losses.
All card issuers should review the daily withdrawal limits assigned to their cardholders. These limits can be modified for individual cardholders, depending on your card vendor. By using lower default limits for the majority of the card base, losses could be limited.
7. Review daily velocity limits.
Once a counterfeit card is issued, the perpetrators will continue to quickly perform transactions until they have withdrawn all available funds. By limiting transaction counts, credit unions can further reduce cardholder exposure. As with the daily dollar limit, credit unions can modify individual cardholder records if needed, depending on card vendor.
8. Check with local law enforcement.
Because there have been so many instances of skimming at both ATM terminals and automated fuel dispensers, many law enforcement agencies have established task forces to coordinate efforts at the local, county, state, and federal levels.
*Source: ATM Fraud, Increasingly Organized, Aite Group, November 2016