Criminals have created an undetectable device that is inserted into automatic teller machines (ATM) to fleece unsuspecting bank customers of their monies.
“You would have seen that they were doing these interesting things to ATMs, cloning the entire ATM machine or putting in readers on top of the legitimate reader that’s there. More recently they have been able to install readers that you (the customer) can’t see — the deep insertion readers. So you have situations where in an environment where you have complete control over your card, your information is still being stolen,” Senior Advisor in the Ministry of Science, Energy and Technology Trevor Forrest told the Jamaica Observer in an interview.
The deep insert skimmers, as explained by an American ATM manufacturer — NCR Corporations — is an undetectable wafer-thin fraud device made to be hidden inside the card acceptance slot on a cash machine. The devices, according to the company, are different from a typical insert skimmer, as they are placed in various positions within the card reader transport, behind the shutter of a motorised card reader and completely hidden from the consumer at the front of the ATM.
The company, in a security update posted on its website, said the devices are “unlikely to be affected by most active anti-skimming jamming solutions”. It also said they are unlikely to be detected by most fraudulent device detection solutions.
“Neither NCR Skimming Protection Solution, nor other anti-skimming devices can prevent skimming with these Deep Insert Skimmers. This is due to the fact the skimmer sits well inside the card reader, away from the detectors or jammers of SPS. NCR has developed a response to this attack, in the form of a modification to the card reader firmware. The firmware is designed to detect the insertion of the device, regardless of form factor, and send an alert,” the ATM manufacturers stated.
Officials from the Ministry of Science, Energy and Technology urged the public to be vigilant when conducting business, especially in giving out their personal information.
“How many times have you gone to a restaurant and they come, take your credit card, walk off with it and come back with the bill. It’s not advisable,” Forrest pointed out.
“Even at the gas station…a lot of people just drive up, hand over their card to the people, not coming out of their air condition, not looking at anything, and the person goes away [with your card]. What does that person do with the card when they leave? You don’t know,” Dr Moniphia Hewling, head of the Cyber Incident Response Team, added.
Another instance she highlighted was when computers are infected so that a hacker gains access to all information on the device.
“If your machine got infected, you’re a part of what we call a ‘botnet’, which is a robot network, and that hacker or group is able to now see everything you do on your device, so you went on and you did your Internet banking, they would now have all your Internet credentials, so they can defraud you that way. So you have credit card fraud, because people tend not to monitor these things. Your debit card, people worse don’t monitor that. You see some people chatting on the phones while entering their pin, somebody sees it, skim the card and your money is gone.”
In May Dr Hewling told the National Security Council that roughly US$100 million was lost to cyber fraud in 2016. The figure, which she said came from the police’s Counter Terrorism and Organised Crime division, included amounts stolen in ATM scams.
“I want to use the opportunity to inform Jamaicans and Jamaica that cyber security is important, cyber awareness is important,” Technology Minister Andrew Wheatley stressed. “We are not here to deter persons from using the technology; we want to encourage our citizens to embrace the technology, it is critical for us to embrace, understand and utilise the technology for our survival and for us to be competitive; but do so carefully.”
Added Dr Hewling: “Just like how they tell you that you must drink responsibly, they’re not telling you not to drink but to drink responsibly; we need you to use the technology responsibly… Be cyber safe and people need to think before they click. Think before you click.”