ARLINGTON, Va. – As this issue goes to press, the board of directors of the Electronic Funds Transfer Association is deciding whether or not to ratify the final report from the Association's industry wide task force on ATM fraud. Association executives were not available to comment on whether or not the board would likely approve the report, but regardless whether or not it does so, there are indications the industry has already begun implementing different approaches to the rising incidence of innovative ATM fraud around the country. Prior to recent years, most incidents of ATM fraud involved single cardholders having the cards stolen and somehow compromising their personal identification numbers, either through someone close to them or from doing something like writing the number down on the card, according to industry experts. But, beginning in the late 1990′s organized criminals, often from the former Soviet Union and Eastern bloc countries, began to perpetrate fraud aimed at actual ATMs. Often technically innovative and sophisticated, these frauds would use devices to record card numbers or capture cards at the same time they used other devices to photograph or record the PIN numbers associated with those cards. The criminals then used the compromised cards to loot the accounts of cardholders. Primarily, these types of fraud were confined to ATMs overseas, but there have been increasing incidents of this sort of smart fraud in the U.S., according to Stuart Bale, spokesman for the Dayton, Ohio, based-Gasper Corporation, a leading producer of ATM management software. Gasper has been aware of trends across the country which have indicated that, in some areas, criminal organizations generally associated with selling illegal drugs have turned to this type of ATM fraud, both because of the high profitability of this type of theft and because the penalties for it are so much less than that for dealing drugs, Bale explained. Gasper has recently contributed to the nationwide anti-fraud effort by completing research that suggested that fraud damages could be minimized by focusing attention on catching the fraudulent activity at the machines where it occurs. Previously, the attitude toward fraud prevention has focused on the individual cardholder, Bale explained adding that while the firm still thought those efforts remained important there was also room for monitoring machines more closely to catch the fraud before it became too damaging. A research white paper the firm prepared on the topic suggested that much of the new type of fraud could be detected at the level of the ATM machine, by monitoring machine activity and noting discrepancies from the norm for an individual machine. For example management software, of the type Bale admitted his firm manufactured, could be set to identify the parameters of ATMs which are most often at risk for sophisticated fraud. Machines that fit this enhanced risk profile could be monitored for suspicious activity. A lack of transactions during a normally busy time, or a lack of other signs of activity such as errors in entering PINs could indicate that a machine has been compromised in a sophisticated fraud, the paper said. The possible fraud could trigger corrective action like sending a technician or another employee to check on the machine, the paper added. The paper identified machines with motorized card readers, as opposed to swipe or dip card readers, as being especially vulnerable to some types of the sophisticated frauds, and there are indications that ATM manufactures are trying to build protection against this type of fraud into their machine design. Since the sophisticated frauds that compromise an ATM's motorized card readers often do so by inserting something into the reader, media sources have reported that manufacturers are experimenting with different devices that either detect the presence of something in the reader or will shut the machine down if someone tries to tamper with the reader. Other approaches have included different types and placement of keypads that would make it more difficult for someone looking over the cardholder's shoulder to see the PIN, or for a camera to do so. Bale speculated that some of the manufacturers have been relatively slow to begin focusing on fraud at the same time they were having to focus on hardware changes to comply with the newest set of encryption standards for the machines, and the requirements of the Americans with Disability Act regulations. The manufacturers' particular concern about fraud in their machines might stem from the EFTA task force's reported inability to fully address the question of liability for the costs and losses associated with the sophisticated ATM fraud. Sources close to the effort have reported a general feeling among task force participants that, in the end, the courts would have to get involved to determine who should pay what amount when smarter ATM thieves manage to defraud ATM users. [email protected]

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.