ATM security tips for banks and consumers

Tonya Hall talks to Charles Henderson, global managing partner and head of X-Force Red at IBM, to learn more about discovering ATM vulnerabilities as a consumer and as a banking agency.

A member of an ATM skimming ring ended up in jail after participating in a $ 400,000 criminal program from banks in Massachusetts, New York and New Jersey.

Bogdan Rusu, from Queens, New York, previously pleaded guilty for one count of conspiracy to commit bank fraud for US district judge Esther Salas in Newark federal court, the US Department of Justice (DoJ) said Tuesday.

ATMs are convenient ways to access funds and can be found everywhere in cities. However, it is possible to use devices called “skimmers” – often a combination of card reader and camera – to obtain card numbers and pin codes. These numbers can then be used in the manufacture of cloning cards to perform fraudulent transactions.

Between August 2014 and November 2016, Rusu and other members of the US group have compromised ATMs in the US, targeting different banks and territories.

Card shooters were installed to record payment card information, including account and PIN numbers, which were then transferred to devices controlled by the attackers for use in counterfeit payment cards.

Victims who had accidentally used the compromised ATMs subsequently discovered that fraudulent transactions were taking place. In total, at least $ 390,141 was stolen from the victim’s bank accounts.

An investigation initiated by police forces in Massachusetts and Boston, the US secret service, the public prosecutor’s office and others led to multiple arrests.

Rusu has been sentenced to five years in prison, followed by three years of controlled release. 11 other defendants involved in the ATM skimming ring have pleaded guilty.

In October, US prosecutors revealed a charge that uncovered arrests related to a massive ATM skimmer gang allegedly responsible for hundreds of criminal operations in at least 18 states that led to the theft of at least $ 20 million.

If found guilty, the 18 suspects – traced and arrested in the US, Italy and Mexico – are confronted with decades behind bars on charges of bank fraud, fraud with access equipment, wire fraud and aggravated identity theft.

According to Positive Technologies, the average cash machine takes no longer than 20 minutes to be hacked. After testing ATMs from NCR, Diebold Nixdorf and GRGBanking, cyber security experts discovered that the majority were not properly securing network access, some were susceptible to spoofing of communication at the processing center, and others could be exploited for remote control.

