ATM hackers skim $3.3 million from 200 customers

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.wiscnews.com/news/local/article_74a0527e-6b66-11e2-95a0-001a4bcf887a.html?comment_form=true

BARABOO — An ATM machine hacking scheme that affected 200 Bank of
Prairie du Sac customers was part of a wider-ranging fraud that has
“skimmed” at least $3.3 million from U.S. debit card users and drawn
the attention of the Secret Service.

Sauk County District Attorney Kevin Calkins has filed felony identity
theft charges against Mihai Vasile Bandura, a 39-year-old man who
authorities believe is from Romania and may already have left the
country, or is in the process of leaving.

A Sauk County judge has authorized a warrant for Bandura’s arrest.

In November, Bank of Prairie du Sac Senior Vice President Roxi Maier
contacted the Sauk Prairie Police Department to report that numerous
customers had noticed unauthorized withdrawals from their accounts at
ATMs in Milwaukee, Racine and Chicago.

Police suspect the scam artists placed a “skimming device” on the
bank’s ATM at the Sentry Food Store in Prairie du Sac and used it to
collect customers’ card information.

According to a criminal complaint filed in Sauk County Circuit Court,
the U.S. Secret Service informed Sauk Prairie Police Chief Jerry
Strunz in December that two suspects in the case were stopped in
Illinois. The Secret Service sent a photograph of Bandura, whom Strunz
recognized as the person shown in surveillance footage using stolen
card information at a Milwaukee bank ATM.

The complaint says other authorities still are investigating possible
links between other transactions and “an identified bank customer.”

It’s unclear whether authorities were tracking Bandura and the other
suspect when they were stopped, and why they believe he may be on his
way out of the country.

Secret Service spokesman Max Milien declined to comment and directed
inquiries to the Sauk Prairie Police Department.

Reached by phone Tuesday, Strunz said he could not comment on the case
because the investigation is ongoing.

“I don’t want to jeopardize anything we’ve got going,” he said.

According to the Secret Service’s website, skimming devices can be
added to the front or inside of ATMs or gas pumps to capture
transaction information. In many cases, the criminals install a covert
camera to capture the card holder’s personal identification number.

Cards also can be skimmed by collusive cashiers who complete sales,
then covertly capture a second unauthorized swipe on a portable device
before returning the card.

Authorities say card users should make sure their card is swiped only
once by a cashier. They also should conceal PIN numbers as they enter
them into ATMs or credit card readers.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.