ATM fraud: Watch out for the big skim ATM CARD SKIMMING BCA customers in Bali report losses to police A number of Bank Central Asia (BCA) customers in Kuta, Bali, have complained that some of their bank savings are missing and have reported the case to the police, but the bank has said it will cover all the stolen money. The customers told Kompas.com on Wednesday they had lost between Rp 1 million (US$107) and Rp 5 million in each transaction they had made between Jan. 16 and 19. At least 10 customers have reported their losses to the Kuta Police. Detik.com even reported that one customer, identified only as Lily, had lost Rp 145 million in a single transaction which she did not make. BCA said in an official statement it suspected that thieves had recorded their victims' PIN numbers when the victims conducted transactions at ATMs. Using these PIN numbers, they then stole the customers' savings from the bank. BCA deputy president director Jahja Setiatmadja said the bank would normally reimburse customers' stolen money, and he regretted that the customers had reported the case to the police and not to the bank first. "We call on customers not to panic. Usually, if something happens,
BCA
will
cover
[the
losses],"
he
told
www.kompas.com.
National Police chief of detectives Sr. Comr. Ito Sumardi said the police had summoned
G4S SECURITY ALERT/22 JANUARY 2010
Page | 1
all major bank chiefs on Wednesday to discuss ways to prevent such banking thefts spreading.
Albert (not verified) — Tue, 12/02/2008 - 11:27am Well, this happened to me in Bali last week I guess. My whole BCA account has been emptied in 4 days time, over a weekend. BCA denies that the technique from this story exists and is asking me to wait 14 working days to " investigate". I always use BCA ATM's, so in what way can I hold the bank responsible for letting my money being stolen?
G4S SECURITY ALERT/22 JANUARY 2010
Page | 2
How to prevent card skimming and protect yourself from being scammed at the ATM ATM SKIMMING – What is It? ATM skimming is a method used for stealing your identity during an ATM transaction. This method utilizes a credit card skimmer to collect, record and store your credit card number and pin number. The person "Skimming" your card can then use this information to program his own credit card with your information! This skimming device, when placed on the ATM machine is virtually undetectable if you are not looking for it. It looks like a normal part of the ATM. And just when law enforcement agencies have gotten a handle on the technology being used by ATM skimmers, along comes a break through technology that is leaving even veteran investigators astounded. The first device discovered by an ATM user and obtained by authorities was taken to the CIA and they indicated they had not seen anything like it!
camera concealed in the fake speaker would then record the pin number entered and stored it on a flash memory card. The perpetrator would then steal a gift card that has not been activated and transfer the account information to the gift card via the magnetic strip thus turning it into an ATM card. This device has been credited with stealing in excess of $300,000 from peoples accounts in Pennsylvania! In order to prevent being taken at the ATM, the obvious safeguards should be taken. Look for anything that just doesn't appear to belong, or looks out of place such as the fake speaker or a skimming device placed over the card slot. Also, when typing in your pin number, shield the keypad with your other hand in case there is a camera watching. Always check your bank statements or better still, apply for on line account monitoring with your bank so you can check instantly to see if someone has been in your account.
The method used included two devices. A type of skimmer placed over the card slot on the ATM accompanied by what appeared to be a speaker mounted on the ATM above the keypad. When the card was inserted, a device placed over the slot scanned the magnetic strip and the account information was sent (wireless ) to a modified cell phone hidden behind the fake speaker placed on the ATM above the keypad. A small G4S SECURITY ALERT/22 JANUARY 2010
Page | 3
1.
2.
3.
4.
G4S SECURITY ALERT/22 JANUARY 2010
Page | 4
5.
6.
7.
8.
G4S SECURITY ALERT/22 JANUARY 2010
Page | 5
9.
10.
G4S SECURITY ALERT/22 JANUARY 2010
Page | 6
11.
12.
13.
14.
G4S SECURITY ALERT/22 JANUARY 2010
Page | 7
15.
16.
G4S SECURITY ALERT/22 JANUARY 2010
Page | 8
17.
18.
G4S SECURITY ALERT/22 JANUARY 2010
Page | 9
19.
20
G4S SECURITY ALERT/22 JANUARY 2010
Page | 10
21.
22.
23
24.
G4S SECURITY ALERT/22 JANUARY 2010
Page | 11
2. Step 2 Be vigilant even before you approach the ATM - check out your surroundings are there suspicious-looking people hanging around? If you feel uncomfortable, it's best to locate another machine or to wait until you feel it's safe to use the ATM. Alternatively, you can withdraw money from inside the bank, although this is not possible outside of banking hours, and may also attract a higher withdrawal fee. 3. Step 3
Automatic teller machine
Although ATMs are a quick and convenient way to get cash, you need to be aware of others who may try to rob you of your hard-earned money. Here are some tips to keep from being scammed at the ATM, and to protect both yourself and your cash. INSTRUCTION : 1. Step 1 Unless it's absolutely critical, avoid using an automatic teller machine (ATM) after dark or in the early hours of the day. Avoid using an ATM in a deserted area. Where possible, try and use an in-store ATM or one that's located in a busy or visible area, such as a bank or shopping mall.
Once at the ATM, check for hidden cameras or skimming machines. A skimming machine is an electronic device that fits over the card entry slot on the ATM. The skimming device copies the details stored on the card's magnetic strip. With today's technology, cameras can be tiny and skimming machines may be difficult to identify. If you're unsure, ask a bank employee for help or use another ATM. While banks install cameras for security purposes, they will not position them to record activity on the keypad. Try and block the keypad when you enter your personal identification number (PIN) in case hidden cameras have been placed in the ATM. Do this by covering the keypad with your other hand or a handbag (to block the view from above), and stand as close to the ATM as possible to block the view from the back and sides.
G4S SECURITY ALERT/22 JANUARY 2010
Page | 12
4. Step 4
purse, handbag or pocket. Count it when it is safe to do so.
If you have difficulties using the ATM, do not accept help from a stranger or someone posing as a bank employee, no matter how sincere they appear to be. Only enter your PIN when prompted by the machine. Criminals may have jammed the ATM in some way and you enter your PIN while they look on under the pretense of helping you. If the ATM swallows your card, contact your bank immediately. 5. Step 5 Do not let anybody distract you. Keep your eye on your card at all times, especially when the transaction is completed and the card is returned to you. Criminals have a number of different ways they can distract you and end up with both your card and your cash. For example, they may say you dropped something and in the instant you look down, they grab your money and your card from the machine. Criminals may claim they're experiencing difficulty with the ATM and ask for your help to show them how it works using your card and PIN. Criminals can switch cards with you in an instant and the next time you try and withdraw money, you find out the card in your possession is not yours. 6. Step 6 Once you have withdrawn the money, store it immediately in a secure place such as a wallet,
G4S SECURITY ALERT/22 JANUARY 2010
Page | 13
DAN UPAYA PENCEGAHANNYA HILANGNYA UANG NASABAH VIA ATM ronika, timbul kekuatiran juga melihat para nasabah yang kehilangan uangnya hingga ratusan juta, sampai pagi ini saya melihat di berita total uang nasabah yang sudah hilang sebesar 330 Milyar, berikut berita lengkapnya. Baru-baru ini di indonesia, khususnya di pulau bali sangat dihebohkan oleh kejadian berkurangnya saldo para nasabah bank BCA padahal mereka tidak melalukan pernarikan. Kasus pembobolan ATM BCA serta lima bank lainnya di Bali hingga Rabu (20/1/2010) malam ini membuat sejumlah nasabah BCA khawatir. Mereka pun terus mendatangi ATM BCA guna mengecek jumlah saldo yang tersisa, bahkan menariknya. Pihak BCA sendiri telah berjanji untuk mengembalikan semua dana nasabah yang hilang dibobol secara misterius. “. dengan kejadian ini maka masyarakat menjadi semakin waswas , karena kejadian ini tidak hanya dialami oleh nasabah BANK BCA saja ,
Berita Hilangnya Uang Nasabah di ATM di Bali dan Jakarta tersebar diberbagai media massa dan elekt namun juga dialami oleh beberapa BANK lainnya seperti BANK MANDIRI, BANK BNI, BANK BII, BANK PERMATA. hal serupa juga terjadi tidak hanya dibali , banyak kejadiaan di jakarta sebenarnya apasih yang terjadi? Peristiwa ini merupakan kejahatan atm yang disebut “ATM fraud”. metode yang digunakan adalah ATM skimming. apa itu ? masih terasa asing ya? ATM skimming merupakan suatu cara untuk menyaring data yang ada pada kartu ATM atau kartu Kredit kemudian menyimpannya kedalam suatu device tertentu dan kemudiang membuat ATM fake nya. metode dinilai cukup berhasil untuk mengambil uang korban. apabila diibaratkan dalam lingkup jaringan maka metode ini menyerang pada bagian clientnya yang dalam kasus ini adalah nasabah. keamanan server yang dalam hal ini adalah BANK sebenarnya tidak langsung diserang, karena bank tetap berjalan sesuai prosedur yang telah ada, bank (dalam hal ini merupakan sistem yang ada G4S SECURITY ALERT/22 JANUARY 2010
Page | 14
pada ATM) akan tetap mengeluarkan uang selama dia membaca data dan pin yang sesuai. ATM tidak mampu untuk menilai apakah ini fraud atau bukan. alat ini umumnya dipasangkan menempel pada slot ATM. berikut ini merupakan gambar alat yang digunakan untuk menjalankan modus ini.
alat diatas adalah alat yang digunakan untuk merekan atau mengcopy semua data yang berada pada magnetic-stripe stripe ATM korban. korban Buat yang belum tahu, magneticmagnetic stripe itu seperti tape kaset aja layaknya, material ferromagnetic yang dapat dipakai untuk menyimpan data (suara, gambar, atau bit-bit bit biner). Untuk kartu, ada 3 track data. G4S SECURITY ALERT/22 2 JANUARY 2010
Page | 15
atau kalo maw taw bentuk fisiknya , yaitu garis lebar hitam yang berada dibagian belakang kartu ATM. Selain itu ada lagi alat tambahan yaitu kamera pengintai kecil yang bertujuan untuk merekam PIN korban pada saat korban sedang mengetikan pinnya. dimanakah dia meletakkan kamera pengintai di atm itu? ni dia jawabannya: pokoknya tempat meletakan kamera pengintainya adalah tempat yang memungkinkan untuk merekam pergerakan jari saat menginput pin. kamera yang digunakan umumnya adalah mini kamera. Pakar IT Perbankan Ruby Alamsyah menyatakan, masyarakat harus waspada dengan keberadaan ATM Skimmer atau ATM asli yang telah dipasangi perangkat lunak sehingga mirip ATM aslinya. ATM Skimmer ini berfungsi untuk mengcopi kartu ATM nasabah. Tak hanya itu. Ruby juga mengimbau warga agar waspada dengan keberadaan boks terbuka berisi pamflet tanpa penutup di samping mesin ATM. Boks ini biasanya digunakan untuk memasang Spy-Camera untuk merekam nomor pin calon korbannya.
kedalam mesin ATM yang telah dilengkapi dengan ATM skimmer maka alat tersebut akan merekam data yang ada pada kartu tersebut. kemudian saat nasabah memasukan pin nya makan spy-cam akan merekamnya sehingga penjahat ni mengetahui pinnya. singkat cerita dibuatlah ATM tiruan yang datanya berasal dari alat tadi kemudian sipenjahat tinggal beraksi saja menarik uang sesuka hatinya dengan ATM palsunya itu.
Cara pencegahannya cara pencegahannya dapat dilakukan dengan beberapa cara * Memasang ATM skimmer detectot * Merubah desain ATM saat ini sehingga menjadi lebih AMAN * Mengganti Pin ATM anda Secara Berkala * Ketika memasukkan PIN ATM sebaiknya tutup dengan tangan anda, meskipun sudah ada pelindung dari ATM * Memasukkan kembali kartu ATM ke mesinnya seusai melakukan transaksi dan memasukkan nomor PIN lain yang salah untuk mengecoh dan kemudian membatalkan proses tersebut.
kronologis kejadiaan ini adalah saat nasabah memasukan kartu ATM G4S SECURITY ALERT/22 JANUARY 2010
Page | 16
untuk nasabah, harap selalu berhati2 ketika akan mengambil uang di ATM, harap periksa terlebih dahulu kondisi sekitar khususnya pada mesin ATM , apakah ada yang ganjil atau tidak. kemudian saat memasukkan PIN, harap menutup gerakan jari dengan jari dengan tangan yang lainnya, tujuannya agar apabilla terdapat spy-cam maka dia tidak akan mampu mendapatkan pin kita.
G4S SECURITY ALERT/22 JANUARY 2010
Page | 17