DALLAS -- Hackers successfully accessed Citibank's network of ATMs inside 7-Eleven stores, stealing millions of dollars and personal information from unsuspecting customers, CSNews Online reported yesterday. It is estimated the breach began in October of last year. To date, it is unclear how many of Citibank's approximately 5,700 branded ATMs in 7-Eleven stores were impacted.
7-Eleven spokeswoman Margaret Chabris told CSNews Online: "7-Eleven Inc. is aware of the federal investigation in New York concerning ATM fraud that has apparently impacted Citi customers. It is 7-Eleven's policy not to comment on any aspects of this matter because it is an ongoing investigation."
Citibank, part of Citigroup Inc., has declined to comment on the technique or how many customers' accounts were compromised. It said it notified affected customers and issued them new debit cards.
"We want our customers to know that, consistent with legal requirements, we do not hold them responsible for fraudulent activity in their accounts," the bank said in a statement released last week.
Citibank does not own or operate the machines. The Houston-based Cardtronics Inc. owns all the machines, but only operates some, while the Brookfield, Wis.-based Fiserv Inc. operates the remaining machines.
"We understand that Citibank has already contacted any account holders who may have been impacted or that needed to receive a replacement card," said Chabris. "However, 7-Eleven is confident that its ATM provider, Cardtronics, has included the appropriate safeguards designed to prevent unauthorized access to our customers' personal data in the ATMs located in our stores today."
In other news, Unisys Corp.'s Canadian subsidiary, Unisys Canada, was awarded a contract from NEC Corp. of America to provide outsourced IT support services for 470 7-Eleven retail convenience stores throughout Canada.
"Unisys outsourcing expertise combined with NEC's retail solution integration skills will assist us in growing our 7-Eleven business in Canada," Sharon Stufflebeme, 7-Eleven's chief information officer, said in a released statement. "We'll be able to serve our customers more effectively and efficiently through enhanced in-store technology support."
Valued at $6 million over a three year term, the contract states that NEC Corp. of America is the prime contractor and will manage applications development and support for 7-Eleven Inc. Unisys Canada will provide maintenance and support services for IT back-office equipment, on-site wireless networks, point of sale (POS) and inventory ordering systems for the 470 Canadian 7-Eleven retail stores from Ontario to British Columbia.
"We look forward to working with Unisys on this important initiative," Naohide Takatani, general manager, Retail Solutions Group for NEC Corp., said in a released statement. "Drawing on Unisys expertise in technology support and maintenance in this engagement with 7-Eleven expands the range of benefits we can provide our client."
Bob Binns, president, Unisys Canada, said in a released statement: "Unisys is confident that in working with our partner NEC, we will provide 7-Eleven with a secure, flexible IT infrastructure that can accommodate its growing business in Canada."
Showing posts with label Debit card fraud. Show all posts
Showing posts with label Debit card fraud. Show all posts
Wednesday, July 9, 2008
Sunday, July 6, 2008
Hackers crack cash machine PIN codes to steal millions - business.timesonline.co.uk - 03 Jul 2008
Millions of bank customers face a new threat to their money after it emerged yesterday that hackers had cracked PIN codes used in cash machines.
Citibank machines in 7-Eleven convenience stores across America were the target of the biggest and most effective remote PIN code theft scam in US banking history between last autumn and this spring when at least $2 million (£1 million) was stolen.
Details of the fraud have only now been made public, as the case makes its way through the US District Court for the Southern District of New York.
The alleged hackers — Yuriy Rakushchynets, Ivan Biltse and Angelina Kitaeva — are accused of stealing at least $2 million through the PIN scam and have been indicted on two counts each of conspiracy and fraud. It is thought that a much larger sum of money might have already been transferred to Russian bank accounts — and there are suggestions that the actual hacking was performed by another party, with the defendants simplyThe ring-leader of the three suspects is Mr Rakushchynets, a 32-year-old Ukrainian and a regular contributor to underground online credit card fraud forums. When he was arrested by the FBI — he was already under investigation for his suspected role in a separate $5 million hacking scam — agents found $800,000 of cash at his Brooklyn home, most of it stuffed into rubbish bags.
PIN codes have always been the most closely guarded secrets in banking transactions, and the are supposed to be encrypted the very second they are tapped into a keypad. Until recently, it was virtually impossible to get at them without physically looking over someone’s shoulder as theypunched in their digits to withdraw money. Indeed, scams involving strategically placed mirrors or tiny video cameras have become something of a common threat for banks.
Other cash machine crime has involved fraudsters setting up fake keyboards to glean PINs — or, for less sophisticated criminals, simply crashing a car into the wall of a bank and hoping it breaks open the part of the cash machine where the banknotes are stored. PIN codes have also been obtained through so-called e-mail “phishing” scams.
But technology has changed over the past few years. The infrastructure is now built on Microsoft’s Windows operating system, and the cash machines themselves can be remotely diagnosed and repaired online. Unfortunately, this means that PIN codes have started to “leak” along the way — suggesting that industry guidelines on encryption are not always being followed.
“PINs were supposed be sacrosanct,” says Avivah Litan, a security analyst with the Gartner research firm. “What this shows is that PINs aren’t always encrypted like they’re supposed to be. The banks need much better fraud detection systems and much better authentication.”
So far it is not clear how many Citibank customers were affected by the hackers. The bank has nearly 5,700 Citibank-branded cash machines inside 7-Eleven stores, but it does not own or operate any of them. The maintenance of the machines is carried out by two companies: Cardtronics, based in Texas, and Fiserve, based in Wisconsin.
It remains unknown — or at least undisclosed — exactly how the hackers infiltrated the closely guarded computer network, although it has been confirmed that they broke in through a server at a third-party processing company, meaning they almost certainly did not have to go anywhere near a cash machine or a 7-Eleven store. Once they obtained the PIN codes, the hackers could then simply make blank cards and use them to withdraw funds from compromised accounts at virtually any cash machine in the country.
Don Jackson, director of threat intelligence for the computer security company SecureWorks, said he had seen an “alarming” spike in the number of attacks on back-end computers for cash machine networks over the past year.
“What makes this case unique is the sheer luck of happening upon these guys and catching them red-handed,” he said. “But there are a whole lot of other and PIN compromises going on that aren’t reported.”
Citibank has declined to comment on the details of the case, saying only that it has notified affected customers and issued them with new debit cards. “We want our customers to know that, consistent with legal requirements, we do not hold them responsible for fraudulent activity in their accounts,” it said in a statement. Cardtronics has said it is co-operating with authorities, while Fiserv insists the intrusion did not happen on any of its servers.
“Fiserv is confident in the integrity and security of our system,” said a spokeswoman.
using second-hand information to make cash withdrawals. The wording of the indictment against them is vague
By Chris Ayres
Citibank machines in 7-Eleven convenience stores across America were the target of the biggest and most effective remote PIN code theft scam in US banking history between last autumn and this spring when at least $2 million (£1 million) was stolen.
Details of the fraud have only now been made public, as the case makes its way through the US District Court for the Southern District of New York.
The alleged hackers — Yuriy Rakushchynets, Ivan Biltse and Angelina Kitaeva — are accused of stealing at least $2 million through the PIN scam and have been indicted on two counts each of conspiracy and fraud. It is thought that a much larger sum of money might have already been transferred to Russian bank accounts — and there are suggestions that the actual hacking was performed by another party, with the defendants simplyThe ring-leader of the three suspects is Mr Rakushchynets, a 32-year-old Ukrainian and a regular contributor to underground online credit card fraud forums. When he was arrested by the FBI — he was already under investigation for his suspected role in a separate $5 million hacking scam — agents found $800,000 of cash at his Brooklyn home, most of it stuffed into rubbish bags.
PIN codes have always been the most closely guarded secrets in banking transactions, and the are supposed to be encrypted the very second they are tapped into a keypad. Until recently, it was virtually impossible to get at them without physically looking over someone’s shoulder as theypunched in their digits to withdraw money. Indeed, scams involving strategically placed mirrors or tiny video cameras have become something of a common threat for banks.
Other cash machine crime has involved fraudsters setting up fake keyboards to glean PINs — or, for less sophisticated criminals, simply crashing a car into the wall of a bank and hoping it breaks open the part of the cash machine where the banknotes are stored. PIN codes have also been obtained through so-called e-mail “phishing” scams.
But technology has changed over the past few years. The infrastructure is now built on Microsoft’s Windows operating system, and the cash machines themselves can be remotely diagnosed and repaired online. Unfortunately, this means that PIN codes have started to “leak” along the way — suggesting that industry guidelines on encryption are not always being followed.
“PINs were supposed be sacrosanct,” says Avivah Litan, a security analyst with the Gartner research firm. “What this shows is that PINs aren’t always encrypted like they’re supposed to be. The banks need much better fraud detection systems and much better authentication.”
So far it is not clear how many Citibank customers were affected by the hackers. The bank has nearly 5,700 Citibank-branded cash machines inside 7-Eleven stores, but it does not own or operate any of them. The maintenance of the machines is carried out by two companies: Cardtronics, based in Texas, and Fiserve, based in Wisconsin.
It remains unknown — or at least undisclosed — exactly how the hackers infiltrated the closely guarded computer network, although it has been confirmed that they broke in through a server at a third-party processing company, meaning they almost certainly did not have to go anywhere near a cash machine or a 7-Eleven store. Once they obtained the PIN codes, the hackers could then simply make blank cards and use them to withdraw funds from compromised accounts at virtually any cash machine in the country.
Don Jackson, director of threat intelligence for the computer security company SecureWorks, said he had seen an “alarming” spike in the number of attacks on back-end computers for cash machine networks over the past year.
“What makes this case unique is the sheer luck of happening upon these guys and catching them red-handed,” he said. “But there are a whole lot of other and PIN compromises going on that aren’t reported.”
Citibank has declined to comment on the details of the case, saying only that it has notified affected customers and issued them with new debit cards. “We want our customers to know that, consistent with legal requirements, we do not hold them responsible for fraudulent activity in their accounts,” it said in a statement. Cardtronics has said it is co-operating with authorities, while Fiserv insists the intrusion did not happen on any of its servers.
“Fiserv is confident in the integrity and security of our system,” said a spokeswoman.
using second-hand information to make cash withdrawals. The wording of the indictment against them is vague
By Chris Ayres
Monday, June 30, 2008
Another ATM fraud: Finland-based man loses Rs 11.6 lakh - expressindia.com - 29 Jun 2008
Pune June 29 Video tape shows fraudster wore helmet while withdrawing money
The ATM card fraudsters who have been on the prowl for some time now have scalped yet another citizen. This time, the victim is Umesh Maini of Koregaon Park. An account holder of IDBI Bank, Maini is currently working in Finland.
A fraudster got an ATM card by submitting a fake application at IDBI Bank in the name of Maini and used it for withdrawing Rs 11.6 lakh from his account over the last two months. While the money was withdrawn from various ATM centres equipped with CCTVs, the police and bank authorities checked the video recordings but could not identify him “because he was wearing a helmet during all the transactions”.
The police said that about two months ago, a man submitted a letter in the name of Umesh Maini to IDBI Bank for a cheque book and ATM card. He had made fake signatures of Maini on the letter. The bank officials thought that signatures were original and issued the ATM card and cheque book to him.
For two months, the man withdrew money from Maini’s account, using the ATM card. The fraud, however, came to light a couple of days ago when Maini’s father-in-law, also a resident of Koregaon Park, checked his account details.
The father-in-law rushed to the Fergusson College Road branch of IDBI Bank and told the bank authorities that someone had been withdrawing money from Maini’s account without consent. An amount of Rs 11.6 lakh was withdrawn from the account between April 24 and June 23 from various ATM centres in the city. IDBI branch manager Dhanajay Prabhakar Lele has lodged a complaint with the Shivajinagar police station.
Police Inspector S P Patil, the investigating officer, said that signature by the fraudster on the application for the ATM looks like original. “There are CCTVs installed in most of the ATM centres of IDBI Bank. We have checked the video records at the ATM centres at the time when money was withdrawn from Maini’s account. The criminal could not be identified because he was wearing a helmet during all the transactions,” said Patil.
The ATM card fraudsters who have been on the prowl for some time now have scalped yet another citizen. This time, the victim is Umesh Maini of Koregaon Park. An account holder of IDBI Bank, Maini is currently working in Finland.
A fraudster got an ATM card by submitting a fake application at IDBI Bank in the name of Maini and used it for withdrawing Rs 11.6 lakh from his account over the last two months. While the money was withdrawn from various ATM centres equipped with CCTVs, the police and bank authorities checked the video recordings but could not identify him “because he was wearing a helmet during all the transactions”.
The police said that about two months ago, a man submitted a letter in the name of Umesh Maini to IDBI Bank for a cheque book and ATM card. He had made fake signatures of Maini on the letter. The bank officials thought that signatures were original and issued the ATM card and cheque book to him.
For two months, the man withdrew money from Maini’s account, using the ATM card. The fraud, however, came to light a couple of days ago when Maini’s father-in-law, also a resident of Koregaon Park, checked his account details.
The father-in-law rushed to the Fergusson College Road branch of IDBI Bank and told the bank authorities that someone had been withdrawing money from Maini’s account without consent. An amount of Rs 11.6 lakh was withdrawn from the account between April 24 and June 23 from various ATM centres in the city. IDBI branch manager Dhanajay Prabhakar Lele has lodged a complaint with the Shivajinagar police station.
Police Inspector S P Patil, the investigating officer, said that signature by the fraudster on the application for the ATM looks like original. “There are CCTVs installed in most of the ATM centres of IDBI Bank. We have checked the video records at the ATM centres at the time when money was withdrawn from Maini’s account. The criminal could not be identified because he was wearing a helmet during all the transactions,” said Patil.
Sunday, June 29, 2008
The inside story of ATM fraud - sunnewsonline.com - 28 Jun 2008
Until the unthinkable happened, Adah Obande had always prided himself as a streetwise Nigerian. So streetwise he had never been a victim of pickpocket, burglary, room-to- let fraud, 419 scam or some high profile swindle. Caution was second nature to him; after all he was a security personnel trained to be one step ahead of criminals and their modus operandi. Both in his professional and private life his reflexes had never failed him as he had never lost a possession to a thief. However, his ironclad confidence was put to the test shortly after his return to Lagos from the last Christmas holiday.
Prior to the Yuletide, Obande had left the sum of N288,000 in his bank account. The last withdrawals he remembered doing were for the sum of N50,000.
Specifically, he withdrew first the sum of N20,000 from the Obalende branch of his bank. Then on 22nd December, the very day he set off for the village, he made another withdrawal of N30,000, this time using the Automated Teller Machine (ATM) at the Falomo branch of the same bank.
If his arithmetic was correct, Obande still had a tidy sum to start the New Year on a bright note. Unknown to him, he was in for a shock treatment as he glided across the polish floor of the bank to the counter. The cashier punched her buttons and then gave Obande an awkward look. “Sir, are you expecting any lodgement?” she asked as pleasantly as she could.
Obande was not expecting any deposit. He still had N288,000 left with the bank. Or so he thought. His account was in the red. He urged the cashier to check again, insisting there was a mistake somewhere. It was only a matter of minutes before the full explanation was given to him. The man almost had a heart attack as he was told that the N288,000 had been withdrawn via the ATM.
Before this shocker in the banking hall, Obande indeed had tried to withdraw some money in the morning of January 7th, 2008, using the ATM. At first, he had thought there was a problem with his ATM card because no matter how hard he punched, the machine kept telling him his account was empty. When he realized he might be in for a long haul, Obande accepted the advice of the bank staff at the Falomo branch of the bank to proceed to the bank’s headquarter at Marina. There he was handed over to one Mr. Tony who in recent times has found his job a little bit more fatiguing. Like his counterparts in almost all the banks, his desk is flooded on a daily basis with ATM-related complaints.
Investigations into Obande account would reveal that two faceless companies swept his N288,000 using the ATM.
The companies, or rather their addresses were given as www.immigration.com and www.earocontractor.com. The victim swore the companies did not belong to him. He never worked for them and had no business relationship with them. The theft was later reported to the Special Fraud Unit of the Nigeria Police.
On Thursday, June 5, between the hours of 1.20-3.10 p.m, this reporter was in the premises of the Opebi branch of First Bank, observing ATM users and their seeming frustrations. Of the 26 customers that used the cash dispenser within this period, not a few came out cursing under their breath. The issues ranged from cards trapped inside the machine to PIN (Personal Identification Number) rejection.
One particular customer, a middle-aged man was left with little choice but to cause a scene as he protested that the machine had cheated him.
Before his very eyes, the ATM machine had processed his request but instead of dispensing the cash, the machine merely opened his mouth, brandished the crisp notes for the eager customer to see, and then swallowed the money all by itself. For his troubles, the bewildered customer received instead a receipt of transaction showing he had just successfully withdrawn N15,000. A security guard, who from his grin was obviously familiar with the various ATM antics, did his best to calm and reassure the agitated customer. He would lead him inside the bank’s building to lay complaint on yet another ATM ruse.
If the myriad incidences witnessed that day at Opebi could be glossed over as part of the teething problem of e-payment system introduced to the economy only a few years ago, the same cannot be said of the loss last week of N175,000 to ATM fraudsters.
The victim, this time, is a media practitioner. The man, Mr. Iheanachor, told SATURDAY SUN that on the particular day, he had first attempted to withdraw some money using the ATM in the premises of Guarantee Trust Bank in the Okota area of Lagos. When that proved unsuccessful, he proceeded to Zenith Bank at the same Okota. The outcome was grimly the same. A third attempt, this time at Eko Bank in the same neighbourhood fetched him N20,000 cash. For him, the end would have justified all the troubles but for a text message that came some hours later from his bankers, Intercontinental Bank, informing him that N175,000 had been withdrawn from his account via the ATM. From bank records, the N175,000 was withdrawn in eight transactions. The account holder said he knew nothing about those withdrawals. The matter is under investigation.
On the rise
Every week, hundreds of bank customers across the major cities are finding their deposits or a substantial part of it stolen by faceless crooks. Sources within the Special Fraud Unit (SFU) confirmed that ATM fraud is on the increase in Nigeria. The statistic is alarming. The Central Bank of Nigeria (CBN) puts the losses to ATM-related theft last year alone at hundreds of millions of naira. It is about the commonest headache to all the banks in Nigeria and one seen by experts as capable of eroding in the long run the enviable gains of recapitalisation. At the moment,
By EMMANUEL MAYAH
Prior to the Yuletide, Obande had left the sum of N288,000 in his bank account. The last withdrawals he remembered doing were for the sum of N50,000.
Specifically, he withdrew first the sum of N20,000 from the Obalende branch of his bank. Then on 22nd December, the very day he set off for the village, he made another withdrawal of N30,000, this time using the Automated Teller Machine (ATM) at the Falomo branch of the same bank.
If his arithmetic was correct, Obande still had a tidy sum to start the New Year on a bright note. Unknown to him, he was in for a shock treatment as he glided across the polish floor of the bank to the counter. The cashier punched her buttons and then gave Obande an awkward look. “Sir, are you expecting any lodgement?” she asked as pleasantly as she could.
Obande was not expecting any deposit. He still had N288,000 left with the bank. Or so he thought. His account was in the red. He urged the cashier to check again, insisting there was a mistake somewhere. It was only a matter of minutes before the full explanation was given to him. The man almost had a heart attack as he was told that the N288,000 had been withdrawn via the ATM.
Before this shocker in the banking hall, Obande indeed had tried to withdraw some money in the morning of January 7th, 2008, using the ATM. At first, he had thought there was a problem with his ATM card because no matter how hard he punched, the machine kept telling him his account was empty. When he realized he might be in for a long haul, Obande accepted the advice of the bank staff at the Falomo branch of the bank to proceed to the bank’s headquarter at Marina. There he was handed over to one Mr. Tony who in recent times has found his job a little bit more fatiguing. Like his counterparts in almost all the banks, his desk is flooded on a daily basis with ATM-related complaints.
Investigations into Obande account would reveal that two faceless companies swept his N288,000 using the ATM.
The companies, or rather their addresses were given as www.immigration.com and www.earocontractor.com. The victim swore the companies did not belong to him. He never worked for them and had no business relationship with them. The theft was later reported to the Special Fraud Unit of the Nigeria Police.
On Thursday, June 5, between the hours of 1.20-3.10 p.m, this reporter was in the premises of the Opebi branch of First Bank, observing ATM users and their seeming frustrations. Of the 26 customers that used the cash dispenser within this period, not a few came out cursing under their breath. The issues ranged from cards trapped inside the machine to PIN (Personal Identification Number) rejection.
One particular customer, a middle-aged man was left with little choice but to cause a scene as he protested that the machine had cheated him.
Before his very eyes, the ATM machine had processed his request but instead of dispensing the cash, the machine merely opened his mouth, brandished the crisp notes for the eager customer to see, and then swallowed the money all by itself. For his troubles, the bewildered customer received instead a receipt of transaction showing he had just successfully withdrawn N15,000. A security guard, who from his grin was obviously familiar with the various ATM antics, did his best to calm and reassure the agitated customer. He would lead him inside the bank’s building to lay complaint on yet another ATM ruse.
If the myriad incidences witnessed that day at Opebi could be glossed over as part of the teething problem of e-payment system introduced to the economy only a few years ago, the same cannot be said of the loss last week of N175,000 to ATM fraudsters.
The victim, this time, is a media practitioner. The man, Mr. Iheanachor, told SATURDAY SUN that on the particular day, he had first attempted to withdraw some money using the ATM in the premises of Guarantee Trust Bank in the Okota area of Lagos. When that proved unsuccessful, he proceeded to Zenith Bank at the same Okota. The outcome was grimly the same. A third attempt, this time at Eko Bank in the same neighbourhood fetched him N20,000 cash. For him, the end would have justified all the troubles but for a text message that came some hours later from his bankers, Intercontinental Bank, informing him that N175,000 had been withdrawn from his account via the ATM. From bank records, the N175,000 was withdrawn in eight transactions. The account holder said he knew nothing about those withdrawals. The matter is under investigation.
On the rise
Every week, hundreds of bank customers across the major cities are finding their deposits or a substantial part of it stolen by faceless crooks. Sources within the Special Fraud Unit (SFU) confirmed that ATM fraud is on the increase in Nigeria. The statistic is alarming. The Central Bank of Nigeria (CBN) puts the losses to ATM-related theft last year alone at hundreds of millions of naira. It is about the commonest headache to all the banks in Nigeria and one seen by experts as capable of eroding in the long run the enviable gains of recapitalisation. At the moment,
By EMMANUEL MAYAH
Sunday, June 22, 2008
Thousands hit in ATM scam - 19 Jun 2008
Thousands of bank customers have been defrauded of millions of dollars in one of the most elaborate automatic-teller theft operations ever seen in the Toronto area, police said yesterday, announcing multiple arrests and the dismantling of a network of what they termed "debit-card labs."
Dozens of bank machines were compromised - possibly more - and investigators are still trying to assess the scope of the mass ripoff, said Staff Inspector Steve Harris of the Toronto fraud squad.
The scam involved surreptitiously recording customers' debit-card data as they did their banking and then transferring it to assorted types of phony, custom-modified cards being churned out in at least three different locations.
"I wouldn't say it's easy, it takes sophistication and you have to have the right equipment," Staff Insp. Harris said. "But this particular gang was sophisticated."
Eight people face a total of 101 charges, mostly fraud-related, in a scheme police say was spread across Toronto, York Region and Peel Region.
One of the counterfeit-card labs was in a large industrial complex in York. A second was in a Toronto apartment. A third was discovered in a car.
The scam was far from unique. Canadians are among the world's most prolific users of debit cards, and last year, thieves defrauded roughly 159,000 card holders of more than $100-million, statistics compiled by the Interac Association show. (As with credit-card theft, the losses are almost always picked up by the financial institution.)
This operation, however, displayed particular finesse.
After six weeks of surveillance and other covert work, the joint-forces investigation netted $120,000 in cash, skimmers, card readers, cameras, embossers, moulding machines, and other hardware.
And while all the major banks appear to have been hit, until experts have examined the 40 computers that were also seized, they won't know how many customers were defrauded.
"It's going to be thousands and thousands," Staff Insp. Harris said. As to the number of compromised bank machines, "I'd start with dozens, but that may expand."
Debit-card theft entails stealing and marrying up two sets of details: the data in the car's magnetic stripe and the user's PIN - personal identification number.
In this instance, the primary target was high-volume, 24-hour teller machines in satellite locations rather than on bank premises.
As lookouts kept watch, police said, the thieves were able in a matter of minutes to install near-invisible pinhole cameras in and around the ATM booths.
Simultaneously, they would insert plastic overlays over the machine's card-reader, containing reading equipment that would relay the data to a remote storage device.
The data would then be transferred on to all types of cards, new and discarded. Cards originating from outlets as diverse as Wal-Mart, Royal Bank, CIBC, Old Navy, Starbucks and Toys "R" Us were seized in the police raids.
Even long-discarded hotel-room cards can be custom-fitted with the data needed to drain or deplete a bank account.
"These were pretty much start-to-finish labs," Detective Ian Nichol said. "Anything with a magnetic stripe can ultimately be adapted for that use."
By TIMOTHY APPLEBY
Dozens of bank machines were compromised - possibly more - and investigators are still trying to assess the scope of the mass ripoff, said Staff Inspector Steve Harris of the Toronto fraud squad.
The scam involved surreptitiously recording customers' debit-card data as they did their banking and then transferring it to assorted types of phony, custom-modified cards being churned out in at least three different locations.
"I wouldn't say it's easy, it takes sophistication and you have to have the right equipment," Staff Insp. Harris said. "But this particular gang was sophisticated."
Eight people face a total of 101 charges, mostly fraud-related, in a scheme police say was spread across Toronto, York Region and Peel Region.
One of the counterfeit-card labs was in a large industrial complex in York. A second was in a Toronto apartment. A third was discovered in a car.
The scam was far from unique. Canadians are among the world's most prolific users of debit cards, and last year, thieves defrauded roughly 159,000 card holders of more than $100-million, statistics compiled by the Interac Association show. (As with credit-card theft, the losses are almost always picked up by the financial institution.)
This operation, however, displayed particular finesse.
After six weeks of surveillance and other covert work, the joint-forces investigation netted $120,000 in cash, skimmers, card readers, cameras, embossers, moulding machines, and other hardware.
And while all the major banks appear to have been hit, until experts have examined the 40 computers that were also seized, they won't know how many customers were defrauded.
"It's going to be thousands and thousands," Staff Insp. Harris said. As to the number of compromised bank machines, "I'd start with dozens, but that may expand."
Debit-card theft entails stealing and marrying up two sets of details: the data in the car's magnetic stripe and the user's PIN - personal identification number.
In this instance, the primary target was high-volume, 24-hour teller machines in satellite locations rather than on bank premises.
As lookouts kept watch, police said, the thieves were able in a matter of minutes to install near-invisible pinhole cameras in and around the ATM booths.
Simultaneously, they would insert plastic overlays over the machine's card-reader, containing reading equipment that would relay the data to a remote storage device.
The data would then be transferred on to all types of cards, new and discarded. Cards originating from outlets as diverse as Wal-Mart, Royal Bank, CIBC, Old Navy, Starbucks and Toys "R" Us were seized in the police raids.
Even long-discarded hotel-room cards can be custom-fitted with the data needed to drain or deplete a bank account.
"These were pretty much start-to-finish labs," Detective Ian Nichol said. "Anything with a magnetic stripe can ultimately be adapted for that use."
By TIMOTHY APPLEBY
Subscribe to:
Posts (Atom)