BreachExchange mailing list archives

How Fraudsters Conceal ATM Fraud


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 18 Nov 2013 00:03:59 -0700

http://www.databreachtoday.com/how-fraudsters-conceal-atm-fraud-a-6210

A recent ATM fraud scheme that targeted banks in New York, New Jersey and
Connecticut illustrates just how sophisticated these types of attacks have
become.

While the skimming devices and equipment used in these kinds of attacks
have not changed much over the years, the criminals' methods have become
far more sophisticated, experts say. For example, as fraudsters gain more
knowledge about how banks and processors route and review ATM transactions,
they can more effectively keep their schemes concealed.

On Nov. 6, federal authorities announced guilty pleas filed by two Romanian
natives who helped orchestrate the tri-state skimming scheme that defrauded
consumer bank accounts of more than $5 million. From 2012 to early 2013,
Ioan Leusca, a.k.a. Ionel Spinu, and Dezso Gyapias installed skimming
devices and pinhole cameras used to capture PINs as they're entered on a
keypad at numerous ATMs, according to the U.S. Attorney's Office in New
Jersey.

Leusca and Gyapias, along with other conspirators, then later used the card
details they collected to create fake ATM/debit cards that were used to
make fraudulent withdrawals.

Citibank Targeted

Citibank ATMs were the primary targets for the fraudulent withdrawals,
authorities say. Some $985,000 was withdrawn from Citi ATMs. Matt Riley,
spokesman for the U.S. Attorney's Office, says other ATMs were likely
targeted as well, although no other bank was specifically noted in his
office's announcement of the guilty pleas.

Leusca and Gyapias admitted to the roles they played in collecting skimming
devices from tampered ATMs after they had recorded card information. Each
was charged with conspiracy to commit bank fraud and aggravated identity
theft, court records show.

Each now faces a sentence of up to 30 years in prison and a $1 million fine
for the bank fraud conspiracy charge and up to two years in prison and a
$250,000 fine for the aggravated ID theft charge. Sentencing is scheduled
for Feb. 20.

Eight others also have been charged as part of a wider scheme that included
Leusca and Gyapias. Of those eight, seven have been taken into custody,
authorities say.

Detecting the Fraud

Citi discovered the fraudulent ATM transactions and immediately took
action, says Brent Andrew, a spokesman for the bank.

"We discovered the scheme through our regular security procedures, and we
worked with the authorities throughout their investigation," Andrew says.
"As is generally the case, none of the impacted customers are responsible
for the fraudulent activity, and they have been made whole."

John Buzzard, who oversees FICO's Card Alert Service, says fraudsters are
increasingly targeting specific banking institutions and brands to help
conceal their attacks.

Thus, the quick detection and containment of these types of schemes can
have a dramatic impact on subsequent fraud losses, Buzzard says.

"Fraudsters have been known to skim and then later sort out bank
identification numbers (BINs) and utilize the cards for fraudulent ATM
withdrawals at the issuer's proprietary ATMs," he says. "This form of
subversion can distort the perception of the transaction, making it appear
as normal, customer-initiated activity. Eventually, patterns form and the
fraud is discovered and contained, but it might take longer and the losses
could add up quickly if the criminals stick to lower dollar amounts and
mimic more typical consumer withdrawal behavior."

One ATM fraud executive at a mid-sized regional bank in the Midwest, who
asked not to be named, says attackers often return to the scene of the
crime, targeting branches and off-site locations they've hit before.

"The fraudsters can be driven to ATMs where they have had success before,
just like a normal customer. If their experience is good, they will return;
if not, they will go elsewhere," the executive says. "Also, different ATMs,
whether controlled at the hardware or processor-software level, can
dispense different amounts. The fraudsters often know this information and
usually target heavy-volume ATMs that usually have more funds."

Skimming Attacks to Increase

Experts expect skimming attacks to increase over the next 18 to 24
months as the United States' migration toward enhanced payment-card
technology that complies with the Europay, MasterCard, Visa standard ramps
up (see ATM Malware: Sign of New Trend?).

That's because this migration will eventually lead to far less use of
magnetic-stripe cards, which are more vulnerable to skimming. Until then,
banking institutions should encourage customers to cover ATM keypads when
entering their PINs and to notify their banks and credit unions immediately
if they notice anything unusual, such as something attached to the ATM,
experts say.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
