, , , , , , ,

By David Muchui-Meru

Did you know that your money in the bank can be withdrawn from the ATM by thugs while your ATM card is safely in your Wallet!?

Hi-tech thugs are in town and so far there have been several cases of people complaining that their money was withdrawn from ATMs while their cards are safe in the wallet.

One of the victims here in Meru says that Sh20, 000 was withdrawn from his account on Saturday (15th December) in a Nairobi ATM yet on the same day he was in Meru (with his ATM card).

Another victim in Meru also complained to have lost sh18, 000 through the same hacking spree.

According to reports, thugs have come up with a way of tapping your ATM card PIN before producing a replica card which they use to empty cash from your bank account.

According to a Ugandan Newspaper, the New Vision, two Bulgarian men were last year charged in court with theft of over Ush30million from various ATMS in Kampala.

The suspects were said to hack into the system using a re-fabricated machine that collects data about clients before stealing money from the bank’s ATMs.

Using pre-fabricated gear perfectly matched to the hardware of ATMs, criminals are able to read the magnetic stripe of victims’ cards and even record victims punching in their PINs.

The data acquired from skimming devices is used to make duplicate ATM cards that are used to withdraw money.

Similar crimes have been reported in other parts of the world and researchers from the University of California at San Diego last year claimed that it would be easier for a criminal to snoop on ATM PINs using a thermal (infrared) camera to detect residual heat from key presses.

“Indeed, in recent years there has been a rash of attacks (typically focused on bank ATMs and gas stations) in which the user’s payment card stripe is acquired via a “skimmer” while a pinhole camera is used to capture the associated PIN as it is entered. In principle, the same style of attack could be used to defeat any keypad-based access control system.

 When combined with a card skimmer, conventional cameras installed at ATMs have already proved to be quite effective in stealing people’s account information. Using a thermal camera instead provides an attacker the ability to recover the code even in the cases where, for example, a user’s body is blocking the keypad throughout the transaction, or he just covers the keypad with his hand as he types in the PIN.

 Attackers therefore gain an extra degree of flexibility in terms of camera placement, as it is no longer essential that the camera have an unobstructed view of the keypad at all times. In an ATM scenario, one could easily imagine an attacker whose goal is to obtain as many PINs as possible.” Reads part of the report titled Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks’

In USA, according to Secret Service figures, skimmers in 2010 netted an average of $30,000 per incident; in 2011, their take rose to $50,000. http://arstechnica.com/security/2012/06/automated-robbery-how-card-skimmers-still-steal-millions-from-banks/

ATM users are advised to frequently check their accounts for tamper.

The crime can be checked by counter-skimming technology-sensors that detect devices being attached to card readers,  jammers that block external readers from recording and transmitting card data.