SlideShare a Scribd company logo

ATM Skimming in the Caribbean

Download as PPTX, PDF
G
Giovanni James
1 of 29
Giovanni James Regional Legal Adviser Asset Recovery Unit Regional Security System Fusion Centre Paragon, Christ Church Barbados
What Is ATM Card Skimming?? A method used by criminals to capture data from the magnetic stripe on the back of an ATM card. Devices used are smaller than a deck of cards and are often fastened in close proximity to, or over the top of the ATM’s factory-installed card reader. ATM skimming is a world-wide problem.
In 2010 Retail Banking Research Limited estimated 1.7 million global ATMs. There are about 49 billion annual worldwide ATM cash withdrawals. The US Secret Service estimates that annual losses from ATM skimming in the USA totals about US $1 billion each year; about US $350,000 a day. Cybercrime now generates over US $1 trillion a year for cybercriminals. It now brings in more money than the drug trade. Did you Know?
The USA and the Caribbean are considered soft targets. Almost every Caribbean Island has been affected by Card Skimming in varying degrees; with combined losses estimated to be in the millions. Organised crime groups love ATMs
 Skimming devices illegally record account data from the magnetic stripe of a credit or debit card.  PIN numbers are usually capture using hidden devices such as mini cameras, keypad overlays or audio recording devices.  The average cardholder has no knowledge that the skimming device is there because it does not interfere with the operation of the ATM.  The data is typically stored in the memory of the skimmer and is downloaded to a PC where it can be used to make fake cards. Skimming
Other methods of card skimming include: 1. Hidden Card Reader 2. Petrol station pumps where cards are accepted 3. Point of sale machines 4. Contactless Smart card readers
ATM Skimming Hardware Round-shaped Skimming Device with double- sided tape ATM Skimming Devices with Internal Batteries
ATM Pin Hole Cameras with Micro SD Memory Card SlotBrochure holder Pin Hole Camera
ATM PIN capture overlay device pulled back to reveal the legitimate PIN entry pad. Bluetooth-enabled gas pump skimmer.
Sophisticated ATM Skimmer Transmits Stolen Data Via Text Message
Many security-savvy persons have learned to be vigilant against ATM card skimmers and hidden devices that can record you entering your PIN at the cash machine. Experts say an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspected users. Claw-like card & cash trap ATM devices Card reader/writer Adapted 2 Pin USB Charging Cable
Two network cable card skimming devices, as found attached to this ATM.
Pro-Grade Point-of-Sale Skimmer
Chip Card ATM Shimmer: Fraud experts in Mexico have discovered an unusual ATM skimming device that can be inserted into the mouth of the cash machine’s card acceptance slot and used to read data directly off of chip-enabled credit or debit cards. The device is a type of skimmer known as a “shimmer,” so named because it acts as a shim that sits between the chip on the card and the chip reader in the ATM — recording the data on the chip as it is read by the ATM.
 Skimming devices have the same appearance as genuine fixtures.  The average skimming attack is a short-term occurrence.  Usually an hour or two.  Maximum period of skimming attack on an ATM is usually 24 hours.  In a 1-2 hour period, criminals can accumulate an average of US $33,000 per incident.  Skimming usually done at peak transaction times.  Skimming is a migratory crime. Facts About ATM Skimming
 Information Downloaded  Sale of information  Card Not Present transactions  Cloning of cards  Harvesting What happens to the information on skimming devices?
Most of the Caribbean region has not fully migrated to the EMV system thus making the region a soft target for ATM Skimming.  Estimate of millions in losses from harvesting of skimmed cards, replacement of skimmed cards and improved security measures.  Significant “soft costs” incurred by FI Risk-Security staff.  Damage to reputation of ATM deployers.  Loss of business.  Fines from the card networks.  Potential lawsuits.  Non-EMV compliant banks will not be refunded by card networks for loses from ATM fraud. Effects of Card Skimming on the Financial Sector
 Players are usually involved in Card-Not-Present fraud or cross-border counterfeit fraud (particularly ATM fraud).  Origin of major card skimmers identified in the region: 1. Eastern Europe- Bulgaria and Romania* 2. Chinese* 3. African- Nigeria* 4. UK 5. USA 6. South America* 7. Locals / Residents * -Most prevalent Who are the major skimmers in our region??
 Marked increase in the number of foreign nationals travelling through the region with Skimming equipment.  Both local and foreign accounts are affected.  Skimmers move from one Caribbean country to the next skimming and harvesting.  Skimmers connected to international criminal gangs,  Skimmers travel under the disguise of vacation, alone or in small groups to various islands in the Caribbean, sometimes with families to hide their true intent.  Skimmers connected to money laundering, drugs, guns, identity and document fraud e.g. fraudulent passports. Recent ATM Skimming trends in the Caribbean
 Recent monitoring and arrests in the Caribbean region have revealed the following criminal connections and associations to card skimming: (1) Money invested in the wholesale purchase of drugs. (2) Money used to purchase firearms which are supplied to gang members. (3) Increase in money laundering. (4) Purchase of high end goods for self-use or resale. (5) Skimmers belong to organised criminal gangs associated with drugs, arms dealing, human trafficking to name a few. (6) Migration of international criminal gangs to our region for ATM skimming introduces into local culture new criminal enterprise which State agencies are not equipped to deal with. Connections and Associations to ATM skimming
 With the ever increasing problem of ATM skimming and cybercrime in the region and the associated crimes for example, money laundering, drug trafficking, arms trafficking to name a few, countries should consider the inclusion of these types of crimes (skimming and cybercrime) in their National Risk Assessment.  Almost every ATM skimming case will have a component of money laundering.  The identification of ATM/payment card crime as a risk should lead to countries/territories identifying their deficiencies in legislation and training.  Identification of these risks should assist countries/territories in addressing these deficiencies in their National Action Plan. National Risk Assessment – ATM Skimming & Cybercrime
 Recommendations A. AML/CFT POLICIES AND COORDINATION 1. Assessing risks and applying a risk-based approach  Card skimming/ATM Fraud is a significant threat to the region.  It is connected to all the crimes mentioned previously including money laundering.  It involves transnational criminals.  Movement of monies around the globe.  Failing to address these risks in the National Risk Assessment exercise would mean that a country is failing to take corrective or mitigating measures in relation to a significant threat.  This failure may impact issues such as Customer Due Diligence/Knowing Your Customer.  This failure can give rise to the question of whether Customer Due Diligence/ Know your customer mechanisms are working, given, the significant variance from a customer’s usual activity.  Banks may need to enhance the risk profile of ATMs as a product offered.  Are banks reporting Suspicious Activity Reports in relation to these transactions, which may be tied to many other major crimes such as ML, drug trafficking, human trafficking, transnational crime? FATF 40 Recommendations
2. National cooperation and coordination The FIU must:  work with Financial Institutions and other regulators such as the Central Bank to raise awareness of the threat posed by card skimming.  Monitor the receipt of Suspicious Activity Reports by financial institutions and other regulated entities with ATMs to ensure that SARs are filed.  Analyse this information in a timely fashion for dissemination to relevant law enforcement agencies for investigation.  Consideration can be given to creating a multi-agency task force to discuss strategies to mitigate and combat the threat posed by card skimming.
Financial Institutions (FIs):  EMV Migration  Have a plan  Document the plan  Educate employees  Inspect all ATM locations  Recording keeping and pictorial documentation  Set ATM standards  Report Skimming to law enforcement  Contact other institutions Tips to reduce ATM skimming
Card Holders  Familiarise yourself with the look and feel of the ATM fascia of machines  Contact your card issuer if you have completed a transaction and suspect that your card or PIN may have been compromised.  Check your card transactions frequently, using online banking and your monthly statement.  Always protect your PIN and be aware of people around or close to you.  Ask your card provider if they offer account alert technology that will deliver SMS text communications or emails to you in the event that fraudulent activity is suspected on your payment card.  Update your address and cell phone information for every card you have, so that you can be reached if there is ever a critical situation that requires your immediate attention. Law enforcement:  Familiarise officers in particular, border control officers on skimming equipment and methods of concealment.  Train law enforcement agencies in investigation and prosecution of ATM skimming.
 Secure and preserve evidence of card skimming ASAP.  Establish cooperative, crime prevention liaison with FIs operating in your country.  Team with other local, regional and international law enforcement agencies in communicating skimming events, dates, locations and images as well as bio-data of know skimmers and their travel plans.  Consider working with National Financial Associations to build collaborations and maximize resources.  Identify, investigate and prosecute associated crimes such as money laundering.
ATM Skimming in the Caribbean

Recommended

Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
Money Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryMoney Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryBrandonRuse1
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Endpoint Security
Endpoint SecurityEndpoint Security
Endpoint SecurityAhmed Hashem El Fiky
 
Case studies in cybersecurity strategies
Case studies in cybersecurity strategiesCase studies in cybersecurity strategies
Case studies in cybersecurity strategiesEyesOpen Association
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
How Big Data and Predictive Analytics are revolutionizing AML and Financial C...
How Big Data and Predictive Analytics are revolutionizing AML and Financial C...How Big Data and Predictive Analytics are revolutionizing AML and Financial C...
How Big Data and Predictive Analytics are revolutionizing AML and Financial C...DataWorks Summit
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 

Recommended

Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
Money Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryMoney Laundering in the Art, Collectibles, and Luxury Goods Industry
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryBrandonRuse1
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Endpoint Security
Endpoint SecurityEndpoint Security
Endpoint SecurityAhmed Hashem El Fiky
 
Case studies in cybersecurity strategies
Case studies in cybersecurity strategiesCase studies in cybersecurity strategies
Case studies in cybersecurity strategiesEyesOpen Association
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
How Big Data and Predictive Analytics are revolutionizing AML and Financial C...
How Big Data and Predictive Analytics are revolutionizing AML and Financial C...How Big Data and Predictive Analytics are revolutionizing AML and Financial C...
How Big Data and Predictive Analytics are revolutionizing AML and Financial C...DataWorks Summit
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptxAmineRached2
 
Security Compliance Web Application Risk Management
Security Compliance Web Application Risk ManagementSecurity Compliance Web Application Risk Management
Security Compliance Web Application Risk ManagementMarco Morana
 
Protección de los datos en la era Post-Datacenter
Protección de los datos en la era Post-DatacenterProtección de los datos en la era Post-Datacenter
Protección de los datos en la era Post-DatacenterCristian Garcia G.
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?VISTA InfoSec
 
Cross site scripting (xss)
Cross site scripting (xss)Cross site scripting (xss)
Cross site scripting (xss)Ritesh Gupta
 
Malware Incident Response
Malware Incident ResponseMalware Incident Response
Malware Incident ResponseRajdeep CISSP, ECSA, CEH
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Business Email Compromise Scam
Business Email Compromise ScamBusiness Email Compromise Scam
Business Email Compromise ScamGuardian Analytics
 
DoS Attack - Incident Handling
DoS Attack - Incident HandlingDoS Attack - Incident Handling
DoS Attack - Incident HandlingMarcelo Silva
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service AttackDhrumil Panchal
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTKimberly Simon MBA
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on PhishingCreative Technology
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
Atm theft
Atm theftAtm theft
Atm theftApurva Sharma
 
ATM.pdf.pptx
ATM.pdf.pptxATM.pdf.pptx
ATM.pdf.pptxRashmibansal15
 

More Related Content

What's hot

Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptxAmineRached2
 
Security Compliance Web Application Risk Management
Security Compliance Web Application Risk ManagementSecurity Compliance Web Application Risk Management
Security Compliance Web Application Risk ManagementMarco Morana
 
Protección de los datos en la era Post-Datacenter
Protección de los datos en la era Post-DatacenterProtección de los datos en la era Post-Datacenter
Protección de los datos en la era Post-DatacenterCristian Garcia G.
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?VISTA InfoSec
 
Cross site scripting (xss)
Cross site scripting (xss)Cross site scripting (xss)
Cross site scripting (xss)Ritesh Gupta
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Business Email Compromise Scam
Business Email Compromise ScamBusiness Email Compromise Scam
Business Email Compromise ScamGuardian Analytics
 
DoS Attack - Incident Handling
DoS Attack - Incident HandlingDoS Attack - Incident Handling
DoS Attack - Incident HandlingMarcelo Silva
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service AttackDhrumil Panchal
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTKimberly Simon MBA
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 

What's hot (20)

Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptx
 
Security Compliance Web Application Risk Management
Security Compliance Web Application Risk ManagementSecurity Compliance Web Application Risk Management
Security Compliance Web Application Risk Management
 
Protección de los datos en la era Post-Datacenter
Protección de los datos en la era Post-DatacenterProtección de los datos en la era Post-Datacenter
Protección de los datos en la era Post-Datacenter
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?
 
Cross site scripting (xss)
Cross site scripting (xss)Cross site scripting (xss)
Cross site scripting (xss)
 
Malware Incident Response
Malware Incident ResponseMalware Incident Response
Malware Incident Response
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scripting
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
 
System hacking
System hackingSystem hacking
System hacking
 
Business Email Compromise Scam
Business Email Compromise ScamBusiness Email Compromise Scam
Business Email Compromise Scam
 
DoS Attack - Incident Handling
DoS Attack - Incident HandlingDoS Attack - Incident Handling
DoS Attack - Incident Handling
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUST
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on Phishing
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 

Similar to ATM Skimming in the Caribbean

TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTest
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTest
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTesth9gfhypx97
 
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of FraudstersSecure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of FraudstersCognizant
 
ATM Fraud Prevention Management White Paper from ESQ
ATM Fraud Prevention Management White Paper from ESQ ATM Fraud Prevention Management White Paper from ESQ
ATM Fraud Prevention Management White Paper from ESQESQ Business Services
 
Digital identification in the Gambling industry
Digital identification in the Gambling industryDigital identification in the Gambling industry
Digital identification in the Gambling industryDominicvanBergen
 
CNP Payment Fraud and its Affect on Gift Cards
CNP Payment Fraud and its Affect on Gift CardsCNP Payment Fraud and its Affect on Gift Cards
CNP Payment Fraud and its Affect on Gift CardsChristopher Uriarte
 
Harshad - Economic offenses through Credit Card Frauds Dissected - ClubHack2008
Harshad - Economic offenses through Credit Card Frauds Dissected - ClubHack2008Harshad - Economic offenses through Credit Card Frauds Dissected - ClubHack2008
Harshad - Economic offenses through Credit Card Frauds Dissected - ClubHack2008ClubHack
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissectedamiable_indian
 
eCommerce Summit Atlanta Moneybookers Presentation
eCommerce Summit Atlanta Moneybookers PresentationeCommerce Summit Atlanta Moneybookers Presentation
eCommerce Summit Atlanta Moneybookers PresentationeCommerce Merchants
 
Skimming: Review of Credit & Debit Card Fraud
Skimming: Review of Credit & Debit Card FraudSkimming: Review of Credit & Debit Card Fraud
Skimming: Review of Credit & Debit Card FraudJason Sookram
 
The DNA of Online Payments Fraud
The DNA of Online Payments FraudThe DNA of Online Payments Fraud
The DNA of Online Payments FraudChristopher Uriarte
 
Law enforcement agencies grappling with spike in multi-million-dollar cyber s...
Law enforcement agencies grappling with spike in multi-million-dollar cyber s...Law enforcement agencies grappling with spike in multi-million-dollar cyber s...
Law enforcement agencies grappling with spike in multi-million-dollar cyber s...Bigger Price
 
Why Cryptosystems Fail ryptography is used by governments,.docx
Why Cryptosystems Fail ryptography is used by governments,.docxWhy Cryptosystems Fail ryptography is used by governments,.docx
Why Cryptosystems Fail ryptography is used by governments,.docxalanfhall8953
 
Leveraging graph technology to fight financial fraud
Leveraging graph technology to fight financial fraudLeveraging graph technology to fight financial fraud
Leveraging graph technology to fight financial fraudNeo4j
 
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...Eswar Publications
 
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsCe hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsVi Tính Hoàng Nam
 

Similar to ATM Skimming in the Caribbean (20)

Atm theft
Atm theftAtm theft
Atm theft
 
ATM.pdf.pptx
ATM.pdf.pptxATM.pdf.pptx
ATM.pdf.pptx
 
ATM2.pdf.pdf
ATM2.pdf.pdfATM2.pdf.pdf
ATM2.pdf.pdf
 
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTest
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTest
TestTestTestTestTestTestTestTestTestTestTestTestTestTestTestTest
 
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of FraudstersSecure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters
Secure Payments: How Card Issuers and Merchants Can Stay Ahead of Fraudsters
 
ATM Fraud Prevention Management White Paper from ESQ
ATM Fraud Prevention Management White Paper from ESQ ATM Fraud Prevention Management White Paper from ESQ
ATM Fraud Prevention Management White Paper from ESQ
 
Digital identification in the Gambling industry
Digital identification in the Gambling industryDigital identification in the Gambling industry
Digital identification in the Gambling industry
 
CNP Payment Fraud and its Affect on Gift Cards
CNP Payment Fraud and its Affect on Gift CardsCNP Payment Fraud and its Affect on Gift Cards
CNP Payment Fraud and its Affect on Gift Cards
 
Harshad - Economic offenses through Credit Card Frauds Dissected - ClubHack2008
Harshad - Economic offenses through Credit Card Frauds Dissected - ClubHack2008Harshad - Economic offenses through Credit Card Frauds Dissected - ClubHack2008
Harshad - Economic offenses through Credit Card Frauds Dissected - ClubHack2008
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
 
Card Payment Fraud
Card Payment FraudCard Payment Fraud
Card Payment Fraud
 
eCommerce Summit Atlanta Moneybookers Presentation
eCommerce Summit Atlanta Moneybookers PresentationeCommerce Summit Atlanta Moneybookers Presentation
eCommerce Summit Atlanta Moneybookers Presentation
 
Skimming: Review of Credit & Debit Card Fraud
Skimming: Review of Credit & Debit Card FraudSkimming: Review of Credit & Debit Card Fraud
Skimming: Review of Credit & Debit Card Fraud
 
The DNA of Online Payments Fraud
The DNA of Online Payments FraudThe DNA of Online Payments Fraud
The DNA of Online Payments Fraud
 
Law enforcement agencies grappling with spike in multi-million-dollar cyber s...
Law enforcement agencies grappling with spike in multi-million-dollar cyber s...Law enforcement agencies grappling with spike in multi-million-dollar cyber s...
Law enforcement agencies grappling with spike in multi-million-dollar cyber s...
 
Why Cryptosystems Fail ryptography is used by governments,.docx
Why Cryptosystems Fail ryptography is used by governments,.docxWhy Cryptosystems Fail ryptography is used by governments,.docx
Why Cryptosystems Fail ryptography is used by governments,.docx
 
Money Laundering
Money Laundering Money Laundering
Money Laundering
 
Leveraging graph technology to fight financial fraud
Leveraging graph technology to fight financial fraudLeveraging graph technology to fight financial fraud
Leveraging graph technology to fight financial fraud
 
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
An Enhanced Automated Teller Machine Security Prototype using Fingerprint Bio...
 
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card fraudsCe hv6 module 58 credit card frauds
Ce hv6 module 58 credit card frauds
 

ATM Skimming in the Caribbean

  • 1. Giovanni James Regional Legal Adviser Asset Recovery Unit Regional Security System Fusion Centre Paragon, Christ Church Barbados
  • 2. What Is ATM Card Skimming?? A method used by criminals to capture data from the magnetic stripe on the back of an ATM card. Devices used are smaller than a deck of cards and are often fastened in close proximity to, or over the top of the ATM’s factory-installed card reader. ATM skimming is a world-wide problem.
  • 3. In 2010 Retail Banking Research Limited estimated 1.7 million global ATMs. There are about 49 billion annual worldwide ATM cash withdrawals. The US Secret Service estimates that annual losses from ATM skimming in the USA totals about US $1 billion each year; about US $350,000 a day. Cybercrime now generates over US $1 trillion a year for cybercriminals. It now brings in more money than the drug trade. Did you Know?
  • 4. The USA and the Caribbean are considered soft targets. Almost every Caribbean Island has been affected by Card Skimming in varying degrees; with combined losses estimated to be in the millions. Organised crime groups love ATMs
  • 5.
  • 6.  Skimming devices illegally record account data from the magnetic stripe of a credit or debit card.  PIN numbers are usually capture using hidden devices such as mini cameras, keypad overlays or audio recording devices.  The average cardholder has no knowledge that the skimming device is there because it does not interfere with the operation of the ATM.  The data is typically stored in the memory of the skimmer and is downloaded to a PC where it can be used to make fake cards. Skimming
  • 7. Other methods of card skimming include: 1. Hidden Card Reader 2. Petrol station pumps where cards are accepted 3. Point of sale machines 4. Contactless Smart card readers
  • 8. ATM Skimming Hardware Round-shaped Skimming Device with double- sided tape ATM Skimming Devices with Internal Batteries
  • 9.
  • 10. ATM Pin Hole Cameras with Micro SD Memory Card SlotBrochure holder Pin Hole Camera
  • 11. ATM PIN capture overlay device pulled back to reveal the legitimate PIN entry pad. Bluetooth-enabled gas pump skimmer.
  • 12. Sophisticated ATM Skimmer Transmits Stolen Data Via Text Message
  • 13. Many security-savvy persons have learned to be vigilant against ATM card skimmers and hidden devices that can record you entering your PIN at the cash machine. Experts say an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspected users. Claw-like card & cash trap ATM devices Card reader/writer Adapted 2 Pin USB Charging Cable
  • 14. Two network cable card skimming devices, as found attached to this ATM.
  • 16. Chip Card ATM Shimmer: Fraud experts in Mexico have discovered an unusual ATM skimming device that can be inserted into the mouth of the cash machine’s card acceptance slot and used to read data directly off of chip-enabled credit or debit cards. The device is a type of skimmer known as a “shimmer,” so named because it acts as a shim that sits between the chip on the card and the chip reader in the ATM — recording the data on the chip as it is read by the ATM.
  • 17.  Skimming devices have the same appearance as genuine fixtures.  The average skimming attack is a short-term occurrence.  Usually an hour or two.  Maximum period of skimming attack on an ATM is usually 24 hours.  In a 1-2 hour period, criminals can accumulate an average of US $33,000 per incident.  Skimming usually done at peak transaction times.  Skimming is a migratory crime. Facts About ATM Skimming
  • 18.  Information Downloaded  Sale of information  Card Not Present transactions  Cloning of cards  Harvesting What happens to the information on skimming devices?
  • 19. Most of the Caribbean region has not fully migrated to the EMV system thus making the region a soft target for ATM Skimming.  Estimate of millions in losses from harvesting of skimmed cards, replacement of skimmed cards and improved security measures.  Significant “soft costs” incurred by FI Risk-Security staff.  Damage to reputation of ATM deployers.  Loss of business.  Fines from the card networks.  Potential lawsuits.  Non-EMV compliant banks will not be refunded by card networks for loses from ATM fraud. Effects of Card Skimming on the Financial Sector
  • 20.  Players are usually involved in Card-Not-Present fraud or cross-border counterfeit fraud (particularly ATM fraud).  Origin of major card skimmers identified in the region: 1. Eastern Europe- Bulgaria and Romania* 2. Chinese* 3. African- Nigeria* 4. UK 5. USA 6. South America* 7. Locals / Residents * -Most prevalent Who are the major skimmers in our region??
  • 21.  Marked increase in the number of foreign nationals travelling through the region with Skimming equipment.  Both local and foreign accounts are affected.  Skimmers move from one Caribbean country to the next skimming and harvesting.  Skimmers connected to international criminal gangs,  Skimmers travel under the disguise of vacation, alone or in small groups to various islands in the Caribbean, sometimes with families to hide their true intent.  Skimmers connected to money laundering, drugs, guns, identity and document fraud e.g. fraudulent passports. Recent ATM Skimming trends in the Caribbean
  • 22.  Recent monitoring and arrests in the Caribbean region have revealed the following criminal connections and associations to card skimming: (1) Money invested in the wholesale purchase of drugs. (2) Money used to purchase firearms which are supplied to gang members. (3) Increase in money laundering. (4) Purchase of high end goods for self-use or resale. (5) Skimmers belong to organised criminal gangs associated with drugs, arms dealing, human trafficking to name a few. (6) Migration of international criminal gangs to our region for ATM skimming introduces into local culture new criminal enterprise which State agencies are not equipped to deal with. Connections and Associations to ATM skimming
  • 23.  With the ever increasing problem of ATM skimming and cybercrime in the region and the associated crimes for example, money laundering, drug trafficking, arms trafficking to name a few, countries should consider the inclusion of these types of crimes (skimming and cybercrime) in their National Risk Assessment.  Almost every ATM skimming case will have a component of money laundering.  The identification of ATM/payment card crime as a risk should lead to countries/territories identifying their deficiencies in legislation and training.  Identification of these risks should assist countries/territories in addressing these deficiencies in their National Action Plan. National Risk Assessment – ATM Skimming & Cybercrime
  • 24.  Recommendations A. AML/CFT POLICIES AND COORDINATION 1. Assessing risks and applying a risk-based approach  Card skimming/ATM Fraud is a significant threat to the region.  It is connected to all the crimes mentioned previously including money laundering.  It involves transnational criminals.  Movement of monies around the globe.  Failing to address these risks in the National Risk Assessment exercise would mean that a country is failing to take corrective or mitigating measures in relation to a significant threat.  This failure may impact issues such as Customer Due Diligence/Knowing Your Customer.  This failure can give rise to the question of whether Customer Due Diligence/ Know your customer mechanisms are working, given, the significant variance from a customer’s usual activity.  Banks may need to enhance the risk profile of ATMs as a product offered.  Are banks reporting Suspicious Activity Reports in relation to these transactions, which may be tied to many other major crimes such as ML, drug trafficking, human trafficking, transnational crime? FATF 40 Recommendations
  • 25. 2. National cooperation and coordination The FIU must:  work with Financial Institutions and other regulators such as the Central Bank to raise awareness of the threat posed by card skimming.  Monitor the receipt of Suspicious Activity Reports by financial institutions and other regulated entities with ATMs to ensure that SARs are filed.  Analyse this information in a timely fashion for dissemination to relevant law enforcement agencies for investigation.  Consideration can be given to creating a multi-agency task force to discuss strategies to mitigate and combat the threat posed by card skimming.
  • 26. Financial Institutions (FIs):  EMV Migration  Have a plan  Document the plan  Educate employees  Inspect all ATM locations  Recording keeping and pictorial documentation  Set ATM standards  Report Skimming to law enforcement  Contact other institutions Tips to reduce ATM skimming
  • 27. Card Holders  Familiarise yourself with the look and feel of the ATM fascia of machines  Contact your card issuer if you have completed a transaction and suspect that your card or PIN may have been compromised.  Check your card transactions frequently, using online banking and your monthly statement.  Always protect your PIN and be aware of people around or close to you.  Ask your card provider if they offer account alert technology that will deliver SMS text communications or emails to you in the event that fraudulent activity is suspected on your payment card.  Update your address and cell phone information for every card you have, so that you can be reached if there is ever a critical situation that requires your immediate attention. Law enforcement:  Familiarise officers in particular, border control officers on skimming equipment and methods of concealment.  Train law enforcement agencies in investigation and prosecution of ATM skimming.
  • 28.  Secure and preserve evidence of card skimming ASAP.  Establish cooperative, crime prevention liaison with FIs operating in your country.  Team with other local, regional and international law enforcement agencies in communicating skimming events, dates, locations and images as well as bio-data of know skimmers and their travel plans.  Consider working with National Financial Associations to build collaborations and maximize resources.  Identify, investigate and prosecute associated crimes such as money laundering.