Asides using physical threats of
violence at Automated Teller Machine points, fraudsters have found other ways
of robbing unsuspecting Nigerians via their ATM cards A few weeks ago, Bola, as she preferred to be addressed,
who just relocated to Nigeria from the UK, received a rude welcome to the world
of Automated Teller Machine transaction in her country of birth. She had just
collected her ATM card from her bank and was looking forward to withdrawing
money with it later that evening. On getting to the ATM point at Mushin area,
she met five persons there waiting. Two left immediately after making their
withdrawals, while the other three men asked her to go ahead and make her
withdrawal. “It seemed as if they were waiting for somebody,” Bola recollected.
She was mistaken. Being her first time of using the ATM card, she changed her
Personal Identification Number and then proceeded to withdraw N20,000. “It was
around 7.30pm, and I was all by myself. Then I felt something like a gun
pressed on my back from behind, the other guys had surrounded me and they
demanded that I gave them all the money. Knowing that it was futile to argue
with them, I just did what they asked.” Just then, her phone rang out loud. It
was a message informing her of the transaction. One of the guys snatched the
phone from her, checked the message and realised she still had some money left.
“They asked me to withdraw the rest of the money in my account. It was like a
movie. I lost N80,000 that day,” she said, adding that she felt numb after the
incident and couldn’t tell anybody about it, until recently. Many Nigerians
have fallen victim to such incidents. And like Bola, they may not report it to
the police or bank authorities for sundry reasons. An expert on security
matters, Mr. Obadare Adewale, pointed out that fraudsters now resort to the
threat of physical attack to rob their victims at ATM points because they
cannot clone ATM cards like they used to do in the past. “This is because the
new ATM card, whether for debit or credit, is a chip-and-pin type. This ensures
that the embedded microchip makes the card extremely difficult to counterfeit
or copy if it’s lost or stolen. With the chip-and-pin, it is not possible to
fraudulently duplicate and steal other people’s money using their ATM cards,
unlike before, when ATM cards were magnetic fibre cards which could be cloned.
As a result, card-cloning fraud has drastically reduced in Nigeria. “The
Central Bank of Nigeria has mandated all banks in the country to be EMV
compliant. Nigeria has joined countries like France and UK, although the
US still uses magnetic fibre cards,” he said. According to Wikipedia, EMV, which means
Europay, MasterCard and Visa, is a ‘global standard for inter-operation of
integrated circuit cards and IC card capable point of sale terminals and
automated teller machines. It is used for authenticating credit and debit card
transactions.” Many countries, like Nigeria, are said to prefer chip
cards because the feature makes purchasing abroad easier. As a result of
this security development, fraudsters have developed other means of robbing
people of their money. Adewale recounted a recent occurrence. “It happened at a
shopping mall, I don’t want to mention the name. A woman’s handbag was stolen
from where she forgot it. The bag contained her ATM debit card and her driving
licence. Unfortunately for her, the fraudsters were able to guess correctly
that her date of birth was her PIN. That was how they started withdrawing and
spending her money,” he said. This is the reason why the Executive Director,
Business Development, Nigeria Inter-Bank Settlement System Plc, Mrs. Christabel
Onyejekwe, advised that people should avoid using their dates of birth as PIN
numbers. “Those fraudsters could get it after three or four attempts. Don’t use
your birth date because it can be easily known. First and foremost, make your
pin very distinct,” she told SUNDAY
PUNCH. Another method fraudsters use nowadays is through ‘phishing’ emails.
These are scam emails sent to many where the bank customer is asked to click on
a link to ‘complete the upgrade of their Internet banking account to a safer
platform.” Sometimes, some people innocently fill the fraudulent form sent to
them which would expose their bank statement and transaction details. “In some
cases, these fraudsters, fronting as bank officials, also call customers on the
phone to request for their Internet banking token details. That was how a bank
customer lost over N6m.
“On no account should you reply any
email like that and do not click on the link or give somebody your PIN number
or token details on the phone. No bank will ask you for such details on the
phone,” Adewale said.It has become a common method so much that many banks now
send disclaimer emails to their customers. When these fraudsters don’t resort
to physical attack or send phishing emails, they look for loopholes whenever
online transactions are being carried out. “For Internet transactions, referred
to as ‘card not present’ transaction, you need the Primary Account Number, that
is the number at the front of the card, the Card Verification Value, the three
numbers at the back of the ATM card, and your PIN number. “And what most of
these fraudsters do is that they carelessly roam about in places where these
transactions are done. So, if you hold your card carelessly, someone can
quickly cram the digits in front of the card and the three digits at the back
of the card. Then, they can do transactions on your behalf. Some websites only
need the PAN and CVV, but some others may ask for the PIN also,” Adewale added.
Although the use of ATM card details for such online purchases and transactions
is quite secure because, like Onyejekwe noted, “they are registered merchants
and dealers.”She advised people to do such online transactions in secure and
registered cyber cafes. “Don’t walk into cyber cafes that are not registered.
There are registered cyber cafes on the Nigerian Communications Commission
website,” she said. Since the ATM was introduced into the Nigerian market over
a decade ago, there has been a rapid growth in the volume of transactions with
ATM cards nationwide. Fraudsters have also found different methods to beat
whatever security measures put in place. However, this worrying trend is not
only common to Nigeria. In April, US federal prosecutors said $45m was stolen
in a few hours after a global network of hackers hacked a database of prepaid
debit cards and subsequently used it to loot financial institutions around the
world. A US lawyer had described it as “a massive 21st-century bank heist.” Also,
statistics released by the European ATM Security Team in April showed that
total ATM related fraud incidents increased from 20,244 in 2011, to 22,450 in
2012. While losses due to ATM related fraud attacks rose by 13 per cent from
€234m to €265m. The report noted that the rise was due to an increase in losses
due to card skimming attacks, which rose 12 per cent from €232m to €260m.“The
majority of ATM related card skimming losses continue to be international
(losses outside national borders by criminals using stolen card details) with
most occurring in countries outside of Europe. Such losses increased by
21 per cent when compared to 2011. The top three locations for such
losses were the USA, the Dominican Republic and Brazil,” the report stated.
Protect yourself from ATM theft
Get in the habit of using the same
ATM for your transactions. Become familiar with it and be able to recognise
changes to the machine. Use ATMs inside
banks rather than on the street (where they’re easier for thieves to access). If
you’re visiting an unfamiliar ATM that is not inside a bank, examine it
carefully for devices. Card or cash trapping devices need to be glued or taped
to the card reader or cash dispenser. Look for ‘extra’ cameras beyond the basic
and generally obvious ATM security camera. Never rely on the help of strangers
to retrieve a confiscated card. Never use an ATM when other people are
lingering .Report confiscated cards immediately. If you can, don’t leave the
machine. Instead call the bank from the ATM where your card was taken using a
cell phone. Don’t use ATM with extra signage or warnings posted on the machine.
Never follow a link in a supposed bank email notice. If you are wondering if
your bank has really contacted you via email, then close the email and directly
type your bank’s website address into your browser. Visit your account and look
for update notices directly on your account or bank’s website. The email is
almost always a phishing scam.
Source: www.scambusters.org
No comments:
Post a Comment