I had the opportunity to speak with Mike Urban, FICO Senior Director of Fraud Solutions, about how criminals are enhancing their margins in ATM and debit card fraud.
The trend towards ATM compromises is largely a result of increased point of sale security. Criminals move to the weaker link, or the easiest approach, and ATMs are accessible 24/7 with no one to confront the person doing the tampering. Criminals are focusing their efforts on compromising PINs and debit cards to increase their profit margins in card fraud.
Encrypted PIN pads have been forcing criminals to capture PINs on the other side of the PIN pad. The ingenuity going into devices on the front of ATMs can be seen in a January article from Krebs on Security. The use of false fronts and pinhole cameras is hard to detect, even with a trained eye.
ATM compromises to obtain the unencrypted card track information have also been combined with alternative approaches to stealing PINs. Criminals have devised several ways to compromise PINs beyond their traditional methods of video capture. PINs can be compromised with “spear phishing”, with the newer SMS text message initiated version, “SmiShing”, or through other bank channels like online banking, telephone and automated voice response banking. Many of these compromises start with a physical change to the facade of the ATM.
Every financial institution and ATM location needs a plan to prevent ATM tampering. While bank ATMs are not immune to skimming, they are generally under surveillance and a less-attractive target for cyber-thieves than ATMs in convenience stores, gas stations, airports, etc. FICO suggests the following precautions for ATM managers:
- Have a plan that is reviewed with employees in associated departments and/or third parties
- Adopt visual standards and keep a picture readily available to compare
- Inspect ATM facades and surrounds frequently
- Contact law enforcement if there is any evidence found
- Increase inspections when there is a known threat, including after hours
- Consider upgrading video surveillance:
  - Image sent to 24 hr monitoring service with sound and voice
  - Identify changes in the image
  - Identify specific motions, sounds
  - Identify long time intervals for a single user
  - Link video to transaction
Working together, financial institutions are more likely to spot fraud. Three opportunities for collaboration are recommended by FICO:
- The Fraud Alert Network Forum (www.FraudAlertNetwork.com) is a secure portal for financial institution, law enforcement and industry peer-to-peer collaboration; it enables sharing of fraud characteristics and specific incidents with the 6,000-plus registered users;
- FICO also supports an ATM photo resource guide to create a directory of participating financial institutions and their contacts that handle ATM photo requests; and
- Fraud Forum monthly calls are ideal for peer-to-peer communication.
FICO Fraud Solutions offers several products that can support financial institutions in detecting fraudulent debit transactions and/or compromised ATMs, including Falcon Fraud Manager, which, although traditionally known for credit card transaction monitoring, can be used for DDA and debit card transaction monitoring as well.
FICO has developed a specialized PIN debit model that ties cards across ATM and the debit network. Transactions are scored relative to what is normal for a cardholder. These cardholder profiles take a few weeks to mature in the model and then live forever to identify what is normal or abnormal behavior and score the risk of transactions across products. Real-time use of transaction scores enables transactions to be blocked before funds are removed from the deposit account.
For a white paper on Deposit Fraud see the FICO website here.
Based on our work with analytic and technology solution providers, Glenbrook believes financial institutions should work to optimize their detection models for PIN Debit and ATM transactions. Having an enterprise perspective for fraud is helpful for data architecture and cross-channel attacks, but specific channel and product fraud experience is critical to successful fraud detection and reduction of false positives. Financial institutions should also implement an ATM inspection plan working from photos to detect changes to the façade of the ATM. The third, equally important step in fighting criminals is to share compromise data across the industry.
These three steps will help combat fraud, making it harder for criminals to make money from debit products and the ATM. Early discovery will reduce the long-term, sustained losses possible in ATM and Debit fraud.