The Green Sheet Online Edition

March 22, 2010 • Issue 10:03:02

Police warn of new skimming devices

By Nicholas Cucci
Network Merchants Inc.

Police throughout the nation are warning cardholders that tech-savvy thieves are stepping up their game and swiping customers' hard-earned money through increasingly sophisticated skimming devices. These devices, which are smaller than cell phones, can be placed on ATMs or used by untrustworthy employees to steal sensitive data.

Recently, a band of thieves in New York City rigged ATMs to steal over $500,000. The worst part is these criminals are on the loose. Police have all three suspects' pictures but are unable to locate or identify them. Their appearances, through disguise, change daily.

Skimmer devices are placed directly over slots where customers swipe their cards to get cash from ATMs. The skimmer reads and stores sensitive personal information kept on the card's magnetic stripe. The skimmers are so small authorities have difficulty finding them. In New York, police were able to identify the location of the theft by analyzing victim data.

In Chicago, police are on the hunt for similar tech-savvy crooks who are snatching card information and later creating fraudulent cards to make withdrawals. The police obtained snapshots of the criminals but they, too, are still on the loose. They've hit five towns in the last year and stolen over $100,000. Recently, they made 17 fraudulent transactions in only 14 minutes.

What we're up against

Historically, fraudsters sent short message service (SMS) text messages to their cell phones when cards were wiped. Today, they use Bluetooth technology to connect to their computers or handheld devices, pulling information in real time. The skimmers directly connect wirelessly to any laptop or phone that supports a Bluetooth connection.

Fraudsters also use hidden cameras that are usually the size of a pinhole and extremely hard for the untrained eye to find. Previously they had to align the video and the swipe to see a victim's PIN. This was unreliable since crooks had to link the magnetic data with PIN data. Now, Bluetooth devices allow crooks to steal information faster and with accuracy.

"The thieves collect the magnetic stripe data and film the victims entering their PIN at the same time," said Roy Derby, Deputy Chief of Police in Bloomingdale, Ill. "Then the criminals create their own phony cards and use the PINS to dip into the bank accounts." Skimmer devices affect everyone. Customers feel violated and are frightened about identity theft. Banks are troubled, too. Their customers' information is stolen; they're losing money and goodwill and are ultimately responsible for reissuing new cards, which isn't cheap. People typically don't realize they have fraudulent charges on their accounts until it's too late.

Some thieves remove the daily allowed limit from the account right off the bat. Bank customers who have mobile alerts set up on their accounts can receive SMS alerts when they've reached or exceeded their daily limit. Others are not as lucky.

How theft will happen

According to the Federal Trade Commission, the five most common ways ID theft will happen in 2010 include:

1. Dumpster diving: Rummaging through trash looking for bills or any kind of paper with personal information in it.

2. Skimming: Stealing card information by using cameras and special storage devices.

3. Phishing: Pretending to be financial institutions or other trusted companies and sending spam in an effort to get you to reveal information.

4. Changing your address: Diverting billing state- ments to another location by completing a change of address form.

5. Old-fashioned theft: Stealing wallets and purses with sensitive information inside, pre-approved credit card applications, checks and even tax information.

What you can do

Here are common-sense tips you can employ, as well as convey to your merchant clients for them to use and pass on to their customers:

• Before swiping your card, check the machine and make sure nothing is attached. Most skimming devices are attached with double-sided tape or a magnet and can easily be removed.

• Shred all financial documents and paperwork with personal information before you throw them out.

• Do not carry your Social Security card in your wallet or purse. Keep it in a safe place, and do not give out the number unless absolutely necessary.

• Do not give out any personal information over the phone, through e-mail or over the Internet unless you know who you are dealing with.

• Make your passwords to accounts advanced. For example, do not use the last four digits of your Social Security number or your birth date; use a combination of random letters and numbers instead.

• Monitor your credit cards online; check daily or weekly for unauthorized charges. The law requires the three major consumer-reporting companies to give you a free copy of your credit report. View your credit report often and make sure no accounts are open that you don't recognize.

• Monitor your bank accounts online.

• When conducting financial transactions, watch out for suspicious activity around you, including at ATMs and restaurants. If an ATM looks tampered with, use another ATM.

Nicholas Cucci is the Marketing Director for Network Merchants Inc. He is a graduate of Benedictine University. Prior to joining NMI, Mr. Cucci worked in the payment processing division for a Fortune 500 company and has advised several large retailers on credit card fraud protection, screening and risk assessment. Nicholas can be reached at ncucci@nmi.com or 800-617-4850.

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.