Shoulder surfing at ATMs is on the rise. According to FNB statistics, counterfeiting of bank cards has increased by 70%. This is when criminals duplicate your card by obtaining the details from your magnetic strip as well as your PIN number.
The problem is that once your card has been fraudulently used, the onus is on you to prove it. The biggest threat to South African ATM users is shoulder surfing. This is where the criminal works with accomplices to distract you while they copy your card.
The customer often only realises their card was compromised days or weeks later when fraudulent transactions appear on their statement. Criminals often pose as a staff member of the bank and while they are ‘helping” you at the ATM they swap your card and insert a fake card.
Your card has by now been handed to his accomplice who is copying the card on a device the size of a matchbox. The criminal offering ‘assistance” watches as the customer enters the PIN and a few seconds later retrieves the card from his helper and makes a quick swop.
The card suddenly works in the ATM and the customer is able to transact. The customer walks away with his or her card and cash.
The criminals then go to specific internet cafés where they rewrite the victim’s magnetic strip details on to a stolen card and within minutes the fraudulent card is operational.
Another method is the use of a ‘Lebanese loop”, which is a thin strip of X-ray film which is inserted into the ATM. The customer inserts the card and the criminal watches while they input their PIN.
The card gets jammed and the customer thinks the card has been swallowed by the ATM and walks away. The criminal simply takes the card out and has both the card and the PIN.
For criminals who are after cash rather than the card, they simply run over and grab the card out of the ATM at the end of the transaction and run away. The customer gives chase, leaving the cash in the dispenser for the criminal’s accomplice to collect.
For the more sophisticated syndicates there are high-tech devices they can attach to an ATM to extract the information. For example they use an almost invisible camera on the ATM to watch you enter your PIN and combine this with a device placed over card slots to skim the information from your card. In order to avoid detection, the criminals move these devices to new ATMs every 30 minutes.
Criminals have gone so far as to change the bank’s telephone number displayed on the ATM so that it routes you to a fake call centre if you try to cancel your card.
Although banks say they will compensate customers who are hoodwinked, once your PIN has been used the onus is on you to prove this to the bank and you have to lay a charge with the police.
Customers must be extremely vigilant with their cards. Make sure to receive SMS notification from your bank so that any fraudulent activity is detected quickly.