Home & Office

Improved security features, processes to curb ATM skimming

Financial industry's move toward chip-based technology for ATM cards and enhancing security processes will help prevent 2012 from being the "year of ATM skimming", say industry insiders.
Written by Ellyne Phneah, Contributor

It is too "premature" to christen 2012 as "the year of ATM skimming", as banks are reinforcing security by migrating to more secure, chip-based ATM cards as well as strengthening security processes and stepping up customer education initiatives. Automated teller machines vendors are constantly introducing anti-ATM skimming measures, too, say insiders.

Monetary Authority of Singapore (MAS) Director and Special Advisor Tony Chew had noted in February that payments card fraud was one of the top threats faced by banks currently. He also predicted that 2012 will be the year of ATM skimming, not unlike the spate of unauthorized cash withdrawals that afflicted customers of local bank DBS that same month.

While acknowledging that ATM skimming is always a real risk for banks and their customers, Aliza Shima Mohammad Kasim, industry analyst of ICT practice at Frost & Sullivan, said the declaration of 2012 to be the year of skimming is "premature".

She explained that ATM skimming is done by the perpetrator installing a device over the card slot of an ATM, which then reads the information stored on the ATM card's magnetic strip when users insert it into the machine. Such a device is often used in conjunction with a camera discreetly attached to the machine to capture the user's PIN (personal identification number).

To mitigate this threat, banks can upgrade the ATM card to a chip-based version as it will give card skimmers a "difficult time" in decrypting the information, the analyst noted. Already, banks are in the process of migrating to such cards, she added.

The Monetary Authority of Singapore (MAS), for one, told ZDNet Asia that it had been working with financial institutions on a comprehensive payments card security enhancement roadmap since 2010. Part of this roadmap involved migrating credit and debit cards to the global EMV standards, which is based on chip card technology, to enhance the cards' security function, the spokesperson said.

Jaroslaw Knapik, senior analyst of financial services technology at Ovum, also noted it will not be so easy for people to conduct ATM skimming given that vendors such as NCR and Wincor-Nixdorf are constantly updating their technologies to cope with such crimes. In fact, these vendors may be compelled to improve their embedded security features in light of what happened with the DBS ATMs, he said.

The vulnerability lies in older, less protected ATMs though, which is why manufacturers should upgrade their older machines, Knapik pointed out.

"Multi-step" security to curb ATM skimming
For banks, they must consider a "multi-step security concept" that uses the most advanced technology devices to prevent anti-skimming and associated software, as well as review and strengthen existing processes, urged Ricardos Khoury, regional vice president and head of Asia-Pacific banking division at Wincor-Nixdorf.

The company, for example, has invested in new intelligent anti-skimming devices that helps monitor the entire ATM card slot environment for illegally mounted intrusion mechanisms, he said. The device is embedded in the ATM and is not visible, so if a skimming attack occurs, the company is notified and the machine can be put out of service, he explained.

Standard Chartered revealed that its branches perform checks on ATMs on a daily basis for unauthorized skimming devices, and also have a dedicated team that monitors and identifies any suspicious transactions on a 24-hour basis.

"A call back to the customer will be conducted with [any] suspicious cash withdrawal, and free SMS notifications for our customers' credit card transactions, fund transfers and cash withdrawals are offered," the bank's spokesperson said. "These act as an additional layer of defense against fraudulent activities."

Beyond enhancing and monitoring technology, Kasim noted that most ATM skimming incidents occur due to customer negligence allowing perpetrators to take advantage of people's carelessness, and this emphasized the need for customer education.

"If customer are attentive and vigilant, [such as] reporting immediately upon observing a foreign device attached to the ATM reader, the problems of ATM skimming will be eliminated," she said.

This is why a UOB spokesperson reiterated that it is actively educating customers by recommending they take precautionary steps such as being observant, keep their PINs confidential, and reporting any concerns to the bank immediately.

Editorial standards