Payment cards provide customers with the convenience of withdrawing cash through Automated Teller Machine (ATM) networks and transacting through merchants worldwide. However, there is a possibility of ATM and card reading machines being abused by criminals who wish to steal from the accounts of customers. Although this is common in other countries, it is something new to Sri Lanka. Hence, the authorities should be keen on this new development and take prompt measures to nip this menace in the bud before it transforms into a major scam.
The article reflects on what ATM skimming is all about, what actions have been taken by the authorities and whether the general public is aware of what is happening.
What is ATM skimming ?
ATM skimming happens when criminals place a device on the face of an ATM, which appears to be a part of the machine. It is almost unthinkable for people to know the difference unless they have an eye for security or the skimmer is of poor quality. Often, the thieves would hide a small pinhole camera in a brochure holder near the ATM, in order to extract the victim’s pin number.
Sri Lanka vulnerable
Finance Sector Computer Security Incident Response Team (FINCSIRT) had requested the general public to be vigilant of their bank account balances and about unauthorised withdrawals. This warning was given to customers who do transactions via ATM cards.
FINCSIRT Information Security Manager Loshan Wickramasekara told the that the warning was issued following several complaints received by the FINCSIRT over hacking of bank accounts in recent times.
ATM card skimming activities were reported from several areas in the country as early as last year, he said.
Wickramasekara said that the card skimmers usually select ATM which are located in isolated locations, which the criminals could have easy access to.
A device called a skimmer, which is very similar to an ATM card, is fixed into the card slot of machine. This device is in fact a fake key pad which is fixed on top of the existing keypad.
Hidden cameras can also see you typing your PIN number. These devices capture the details stored on the magnetic strip of your card.
“The skimmers copy the debit/credit card information while it is entered into the card slot, allowing a criminal element to clone the card. The customers cannot identify the difference between what’s fake and the original card slot at a glance,” Wickramasekara said.
Wickramasekara advised ATM card users to activate the mobile banking alert facility.
“The easiest way to identify fakes is through a gentle touch or push the card reader and keypad. Card skimmers and fake keypads can be easily removed. So if any part of the ATM doesn’t feel firmly secured, then you might have found a skimmer. And be sure to cover the keypad when you’re entering your PIN to protect it from hidden cameras,” Wickramasekara advised.
CBSL keen on the issue
Central Bank of Sri Lanka said that a few incidents of fund withdrawals using fraudulent payment cards had been reported during the recent past. CBSL, Lanka Clear (Pvt) Limited and licensed banks have initiated several measures, in addition to measures that are already in place, to mitigate such situations and enhance the security of customer funds while ensuring the safety of the banking system.
Efforts of banks, payment card issuers, acquirers and regulators need to be supported and recognised by customers in order to safeguard any payment system. In order to strengthen the security of ATM transactions, customers are required to use Europay, MasterCard, and Visa (EMV) enabled payment cards.
If the card used by a customer is not EMV enabled, a request can be made from the relevant bank to issue an EMV enabled card.
To mitigate such incidents, international payment card security standards and best practices have been adopted in Sri Lanka’s ATM and payment card network, such as issuance of cards with increased security which have an electronic chip (EMV) and provide for SMS alerts for all electronic transactions.
Accordingly, Central Bank wishes to inform customers to exercise due care and vigilance when using payment cards and ATMs in order to ensure the safety of ATM transactions. Any unidentified or unauthorised transactions and lost or misplaced cards should be notified to the relevant bank, immediately.
CID launches investigations
Speaking with the Daily Mirror , Police Spokesman SP Ruwan Gunasekara said that the Criminal Investigations Department (CID) had launched an investigation into the ATM skimming activities.
“As per the progress of the investigations, the CID was able to apprehend two Chinese in Fort and Wallawatte on January 20 and 21, 2019 respectively on the suspicion of having being involved in card skimming,” SP Gunasekara said.
He said that there were 200 ATM cards and money worth Rs. 1.2 million which were all fake.
“This type of activity is crime under the Penal Code and the Payment Devices Frauds Act, No. 30 of 2006,” SP Gunasekara said.
Banks issue warning
The Payment Card Industry Association of Sri Lanka and Sri Lanka Banks’ Association in a brief joint statement recently urged the public to inform their respective banks immediately in the event of any suspicious transaction noticed on their accounts.
The statement came in the wake of complaints from some customers that their savings and current accounts had been debited through fraudulent ATM withdrawals.
“This was a result of some card data that has been compromised through ATM skimming activities, where cloned cards have been created to make these fraudulent withdrawals.
No sooner receiving the complaints, the member banks have taken prompt action to attend to the complaints received and credit the accounts upon verification,” the joint statement said.
“We wish to confirm that all member banks have taken steps to bring the situation under control. Also, as a body, all banks are working collectively with the relevant authorities to bring the fraudsters to book.
Meanwhile, when Daily Mirror asked some of the leading banks about the skimming activities, the Channel Management Department of the People’s Bank said that they had received some complaints regarding the ATM skimming.
Although their machines have not been affected, some of their customers have experienced such incidents when they withdrew money from other ATM machines,” it said.An official of Sampath Bank told that the bank had taken precautionary measures when ATM skimming activities were first reported in Sri Lanka.
“Our ATMs are secured and skimmers cannot influence our machines,” he said.
Nevertheless, Amana and National Savings Banks said they had received complaints from their customers pertaining to the ATM skimming activities.
The following steps should be taken to combat ATM skimming
- Be wary of anything about the ATM machine that looks out of the ordinary, such as odd-looking equipment or wires attached to the device.
- Look for a “no tampering” sign. Crooks often place these to stop anyone curious about a new piece of equipment.
- Steer clear of a jammed ATM that forces customers to use another ATM that has a skimmer attached. Often, the criminal will disable other ATMs in the area to draw users to the one that has the skimming device on it.
- Customers should check their bank accounts regularly to make sure there are no unusual or unauthorised transactions. Consumers should check with their financial institution for details.
- If you see anything unusual or suspicious around an ATM, or if you find unauthorised ATM transactions on your bank account, immediately notify local law enforcement, as well as your financial institution and/or the establishment where the ATM is located.
- Always protect your PIN: Don’t give the number to anyone, and cover the keypad while you are entering your PIN.
- Subscribe for the SMS transaction alert facility through the respective banks.
Is the general public aware of this?
When Daily Mirror inquired from a few people whether they were aware of this scam this is what they had to say. Gokula Siriwardane from Wataraka said that he was not aware of this development until he was asked about this.
“Oh my God, if this is actually happening, it is a serious issue. They should raise their voice because it is their money that is being plundered,” he said.
Tisha Damayanthi from Gampaha said that she was aware of this development, but had no idea how it was taking place.“I think it is the responsibility of the banking hierarchy to take action regarding the issue,” she said.
Udesh Warnakulasuriya from Medaketiya, Tangalle said that he had not heard of such a word called skimming although he was a cardholder.
“How does a person possibly withdraw money from an account which belongs to somebody else? The mode which I think the safest now seems to be vulnerable,” he said.
Manel Perera from Dehiwala said that she was not aware of ATM skimming in Sri Lanka even though it was visible in other countries.
“I am of the opinion that the security guards near the ATMs should be more watchful and vigilant of everybody who approaches the ATM”. said Perera.
In conclusion, it is fitting to note that these types of organised crimes should be detected early. Otherwise, this would become a major menace to the entire banking sector. The authorities should identify those engaged in these fraudulent activities and take severe actions against them. In addition, the general public should also be alert of such activities, so that these activities can be nipped in the bud.