Asides using physical threats of violence at Automated Teller Machine points, fraudsters have found other ways of robbing unsuspecting Nigerians via their ATM cards, ARUKAINO UMUKORO writes
A few weeks ago, Bola, as she preferred to be addressed, who just relocated to Nigeria from the UK, received a rude welcome to the world of Automated Teller Machine transaction in her country of birth.
She had just collected her ATM card from her bank and was looking forward to withdrawing money with it later that evening.
On getting to the ATM point at Mushin area, she met five persons there waiting. Two left immediately after making their withdrawals, while the other three men asked her to go ahead and make her withdrawal.
“It seemed as if they were waiting for somebody,” Bola recollected. She was mistaken.
Being her first time of using the ATM card, she changed her Personal Identification Number and then proceeded to withdraw N20,000. “It was around 7.30pm, and I was all by myself. Then I felt something like a gun pressed on my back from behind, the other guys had surrounded me and they demanded that I gave them all the money. Knowing that it was futile to argue with them, I just did what they asked.”
Just then, her phone rang out loud. It was a message informing her of the transaction. One of the guys snatched the phone from her, checked the message and realised she still had some money left.
“They asked me to withdraw the rest of the money in my account. It was like a movie. I lost N80,000 that day,” she said, adding that she felt numb after the incident and couldn’t tell anybody about it, until recently.
Many Nigerians have fallen victim to such incidents. And like Bola, they may not report it to the police or bank authorities for sundry reasons.
An expert on security matters, Mr. Obadare Adewale, pointed out that fraudsters now resort to the threat of physical attack to rob their victims at ATM points because they cannot clone ATM cards like they used to do in the past.
“This is because the new ATM card, whether for debit or credit, is a chip-and-pin type. This ensures that the embedded microchip makes the card extremely difficult to counterfeit or copy if it’s lost or stolen. With the chip-and-pin, it is not possible to fraudulently duplicate and steal other people’s money using their ATM cards, unlike before, when ATM cards were magnetic fibre cards which could be cloned. As a result, card-cloning fraud has drastically reduced in Nigeria.
“The Central Bank of Nigeria has mandated all banks in the country to be EMV compliant. Nigeria has joined countries like France and UK, although the US still uses magnetic fibre cards,” he said.
According to Wikipedia, EMV, which means Europay, MasterCard and Visa, is a ‘global standard for inter-operation of integrated circuit cards and IC card capable point of sale terminals and automated teller machines. It is used for authenticating credit and debit card transactions.”
Many countries, like Nigeria, are said to prefer chip cards because the feature makes purchasing abroad easier.
As a result of this security development, fraudsters have developed other means of robbing people of their money. Adewale recounted a recent occurrence.
“It happened at a shopping mall, I don’t want to mention the name. A woman’s handbag was stolen from where she forgot it. The bag contained her ATM debit card and her driving licence. Unfortunately for her, the fraudsters were able to guess correctly that her date of birth was her PIN. That was how they started withdrawing and spending her money,” he said.
This is the reason why the Executive Director, Business Development, Nigeria Inter-Bank Settlement System Plc, Mrs. Christabel Onyejekwe, advised that people should avoid using their dates of birth as PIN numbers.
“Those fraudsters could get it after three or four attempts. Don’t use your birth date because it can be easily known. First and foremost, make your pin very distinct,” she told SUNDAY PUNCH.
Another method fraudsters use nowadays is through ‘phishing’ emails.
These are scam emails sent to many where the bank customer is asked to click on a link to ‘complete the upgrade of their Internet banking account to a safer platform.” Sometimes, some people innocently fill the fraudulent form sent to them which would expose their bank statement and transaction details.
“In some cases, these fraudsters, fronting as bank officials, also call customers on the phone to request for their Internet banking token details. That was how a bank customer lost over N6m.
“On no account should you reply any email like that and do not click on the link or give somebody your PIN number or token details on the phone. No bank will ask you for such details on the phone,” Adewale said.
It has become a common method so much that many banks now send disclaimer emails to their customers.
When these fraudsters don’t resort to physical attack or send phishing emails, they look for loopholes whenever online transactions are being carried out.
“For Internet transactions, referred to as ‘card not present’ transaction, you need the Primary Account Number, that is the number at the front of the card, the Card Verification Value, the three numbers at the back of the ATM card, and your PIN number.
“And what most of these fraudsters do is that they carelessly roam about in places where these transactions are done. So, if you hold your card carelessly, someone can quickly cram the digits in front of the card and the three digits at the back of the card. Then, they can do transactions on your behalf. Some websites only need the PAN and CVV, but some others may ask for the PIN also,” Adewale added.
Although the use of ATM card details for such online purchases and transactions is quite secure because, like Onyejekwe noted, “they are registered merchants and dealers.”
She advised people to do such online transactions in secure and registered cyber cafes.
“Don’t walk into cyber cafes that are not registered. There are registered cyber cafes on the Nigerian Communications Commission website,” she said.
Since the ATM was introduced into the Nigerian market over a decade ago, there has been a rapid growth in the volume of transactions with ATM cards nationwide.
Fraudsters have also found different methods to beat whatever security measures put in place.
However, this worrying trend is not only common to Nigeria.
In April, US federal prosecutors said $45m was stolen in a few hours after a global network of hackers hacked a database of prepaid debit cards and subsequently used it to loot financial institutions around the world. A US lawyer had described it as “a massive 21st-century bank heist.”
Also, statistics released by the European ATM Security Team in April showed that total ATM related fraud incidents increased from 20,244 in 2011, to 22,450 in 2012. While losses due to ATM related fraud attacks rose by 13 per cent from €234m to €265m.
The report noted that the rise was due to an increase in losses due to card skimming attacks, which rose 12 per cent from €232m to €260m.
“The majority of ATM related card skimming losses continue to be international (losses outside national borders by criminals using stolen card details) with most occurring in countries outside of Europe. Such losses increased by 21 per cent when compared to 2011. The top three locations for such losses were the USA, the Dominican Republic and Brazil,” the report stated.
Protect yourself from ATM theft
• Get in the habit of using the same ATM for your transactions. Become familiar with it and be able to recognise changes to the machine.
• Use ATMs inside banks rather than on the street (where they’re easier for thieves to access).
• If you’re visiting an unfamiliar ATM that is not inside a bank, examine it carefully for devices. Card or cash trapping devices need to be glued or taped to the card reader or cash dispenser. Look for ‘extra’ cameras beyond the basic and generally obvious ATM security camera.
• Never rely on the help of strangers to retrieve a confiscated card.
• Never use an ATM when other people are lingering.
• Report confiscated cards immediately. If you can, don’t leave the machine. Instead call the bank from the ATM where your card was taken using a cell phone.
• Don’t use ATM with extra signage or warnings posted on the machine.
• Never follow a link in a supposed bank email notice. If you are wondering if your bank has really contacted you via email, then close the email and directly type your bank’s website address into your browser. Visit your account and look for update notices directly on your account or bank’s website. The email is almost always a phishing scam.
Source: www.scambusters.org