enhancing security
As the user inputs his PIN it is captured
ATM Threat and Risk
Mitigation
Written by: Frank DeSomer
In 2007 a major holding banking com-
pany in Asia conducted an assessment
on operational risk associated with
Vo l u m e 2 / 2 0 0 8
ATM’s and Point of Sale (POS) Card
processors in the Asia-Pacific region.
The study showed that 70 % of their
incidents occurred in Thailand, which
subsequently drove them to new and
innovative methods to counter the
criminals and mitigate the threat.
Thai-American Business
ATM SECURITY
The primary tactic for this theft is
“skimming,” a process in which your
card’s magnetic strip is scanned and
recorded on a hard disk drive (HDD)
to be later paired with your PIN code
and used to access your account.
Today’s thieves are getting more
technical and tactical in their efforts
to steal your property and, in some
cases, personal identity. The process is
comprised of three major elements: a
pinhole camera, card skimming device
and a wireless HDD recorder located
28 False gel keypad capturing your PIN in place over an original bank keypad.
nearby, perhaps in a flowerpot, bicy-
cle/motorcycle or some other decora-
tive object within 20 feet of the ATM.
Targeted ATM’s include major bank
and commercial ATM’s throughout
the city, some of which are located in
clear public view and in highly traf-
ficable areas. The thieves will conduct
a visit to the area to determine the
location of security cameras, type of
keypad and card reader on the ma-
chine and law enforcement presence.
Once the components are installed on
the machine, the process begins. When
a user inserts their card it is instantly
scanned and the scanned data is wire-
lessly transmitted to a recorder HDD.
In a one-month period, criminals stole
approximately U.S.$18,000…using six
successfully cloned accounts.
by the pinhole camera. In some cases,
the criminals will overlay a gel pad on
the keypad to record your PIN code
and transmit it to the HDD. The trans-
action is processed as if everything is
normal. After a large volume of data
is captured, either after a set period
of time or a high volume of users, the
thieves will then recover the HDD and
return to a safe-house to download
the information and pair times of use
to PINs entered, based on captured
video and other data. The thieves will
return to the ATM to repeat the proc-
ess, and at the same time begin using
other ATMs to withdraw money from
accounts captured. In a one-month
period, criminals stole approximately
U.S.$18,000 from 14 ATMs, using six
successfully cloned accounts. In total
over 800 accounts were compromised
during this period.
POINT OF SALE TRANSACTIONS
POS transaction machines are victim
as well. In one recorded case a store’s

Card skimming false front - notice the exact paint match.
closed circuit television showed two
thieves standing at the cash register
ringing up goods. While one distracted
the attendants the other unplugged the
POS machine and replaced it with his
own corrupt machine. The two pro-
ceeded to check out and leave.
RISK MITIGATION
From this point on, the corrupt ma-
chine recorded all data from POS
transactions. After a set duration of time
(5-8 days), the thieves returned to re-
cover the machine and replace it with
another corrupt machine. They returned
to their safe house and were able to
download all personal data stored and
begin to illegally access the accounts.
Rear View of false front with transmitter and camera built in.
enhancing security
The banking industry has established
several risk mitigation measures in
response to these actions, which
include:
• Security patrols to higher risk areas,
including stand-alone machines,
low traffic areas and poorly lit
areas;
• Installation of “Jitter Devices,” de-
vices which are designed to shake
and jitter the card as it is slowly
drawn into the machine, thus
disrupting the skimmer’s attempt to
scan if installed on the machine;
• Compromised card number filters
which place stolen card numbers
on a bank’s “watch list,” send SMS
alerts to victims and alert Quick Re-
sponse Teams of compromised cards;
• Improved lighting;
• High quality cameras, including in-
tegrated camera systems and digital
color images;
• Fraudulent device inhibitors, which
include brightly colored plastic
modifications placed over the card
slot which prevent the installation
The American Chamber Of Commerce In Thailand
of a scanner;
• Public awareness stickers on ma-
chines;
• Awareness messages on the login
screen with notices such as “Guard
your PIN”;
• Active law enforcement engage-
ment;
• Card cancellation procedures; and
• Outreach to the security industry.
SECURE YOUR TRANSACTIONS
ATM and POS users should take the
following steps to ensure their transac-
tions are secure:
• Use a major bank’s ATM inside a
banking institution for cash with-
drawals;
• Use your free hand to completely
cover the keypad when entering
your PIN;
• Look for modifications to the ma-
chine, card slot and keypad;
• Be aware of your surroundings, es-
pecially people in line behind you
eavesdropping; and
• Be sure to remove all material from
the ATM, including your card,
receipt and other belongings.
In short, be aware of your surround-
ings. If something about the machine
you are using seems suspicious, walk
away. Report your suspicions to the
bank which owns the ATM. The five
or ten minutes you spend looking for
another machine is well worth it when
you consider the potential financial
and personal loss at risk.
Frank DeSomer is Operations Manager for
Peak Systems International Co., Ltd and the
Co-Chairman of AMCHAM’s Security/OSAC
Committee. He may be reached at:
desomerf@psi-protection.com
29