Asides using physical threats of violence
at Automated Teller Machine points,
fraudsters have found other ways of
robbing unsuspecting Nigerians via their
ATM cards, ARUKAINO UMUKORO writes
A few weeks ago, Bola, as she preferred
to be addressed, who just relocated to
Nigeria from the UK, received a rude
welcome to the world of Automated Teller
Machine transaction in her country of
birth.
She had just collected her ATM card from
her bank and was looking forward to
withdrawing money with it later that
evening.
On getting to the ATM point at Mushin
area, she met five persons there waiting.
Two left immediately after making their
withdrawals, while the other three men
asked her to go ahead and make her
withdrawal.
“It seemed as if they were waiting for
somebody,” Bola recollected. She was
mistaken.
Being her first time of using the ATM
card, she changed her Personal
Identification Number and then
proceeded to withdraw N20,000. “It was
around 7.30pm, and I was all by myself.
Then I felt something like a gun pressed
on my back from behind, the other guys
had surrounded me and they demanded
that I gave them all the money. Knowing
that it was futile to argue with them, I just
did what they asked.”
Just then, her phone rang out loud. It
was a message informing her of the
transaction. One of the guys snatched the
phone from her, checked the message
and realised she still had some money
left.
“They asked me to withdraw the rest of
the money in my account. It was like a
movie. I lost N80,000 that day,” she said,
adding that she felt numb after the
incident and couldn’t tell anybody about
it, until recently.
Many Nigerians have fallen victim to such
incidents. And like Bola, they may not
report it to the police or bank authorities
for sundry reasons.
An expert on security matters, Mr.
Obadare Adewale, pointed out that
fraudsters now resort to the threat of
physical attack to rob their victims at ATM
points because they cannot clone ATM
cards like they used to do in the past.
“This is because the new ATM card,
whether for debit or credit, is a chip-and-
pin type. This ensures that the embedded
microchip makes the card extremely
difficult to counterfeit or copy if it’s lost
or stolen. With the chip-and-pin, it is not
possible to fraudulently duplicate and
steal other people’s money using their
ATM cards, unlike before, when ATM
cards were magnetic fibre cards which
could be cloned. As a result, card-cloning
fraud has drastically reduced in Nigeria.
“The Central Bank of Nigeria has
mandated all banks in the country to be
EMV compliant. Nigeria has joined
countries like France and UK, although
the US still uses magnetic fibre cards,” he
said.
According to Wikipedia, EMV, which
means Europay, MasterCard and Visa, is a
‘global standard for inter-operation of
integrated circuit cards and IC card
capable point of sale terminals and
automated teller machines. It is used for
authenticating credit and debit card
transactions.”
Many countries, like Nigeria, are said to
prefer chip cards because the feature
makes purchasing abroad easier.
As a result of this security development,
fraudsters have developed other means of
robbing people of their money. Adewale
recounted a recent occurrence.
“It happened at a shopping mall, I don’t
want to mention the name. A woman’s
handbag was stolen from where she
forgot it. The bag contained her ATM
debit card and her driving licence.
Unfortunately for her, the fraudsters were
able to guess correctly that her date of
birth was her PIN. That was how they
started withdrawing and spending her
money,” he said.
This is the reason why the Executive
Director, Business Development, Nigeria
Inter-Bank Settlement System Plc, Mrs.
Christabel Onyejekwe, advised that
people should avoid using their dates of
birth as PIN numbers.
“Those fraudsters could get it after three
or four attempts. Don’t use your birth
date because it can be easily known. First
and foremost, make your pin very
distinct,” she told SUNDAY PUNCH.
Another method fraudsters use nowadays
is through ‘phishing’ emails.
These are scam emails sent to many
where the bank customer is asked to click
on a link to ‘complete the upgrade of their
Internet banking account to a safer
platform.” Sometimes, some people
innocently fill the fraudulent form sent to
them which would expose their bank
statement and transaction details.
“In some cases, these fraudsters, fronting
as bank officials, also call customers on
the phone to request for their Internet
banking token details. That was how a
bank customer lost over N6m.
“On no account should you reply any
email like that and do not click on the link
or give somebody your PIN number or
token details on the phone. No bank will
ask you for such details on the phone,”
Adewale said.
It has become a common method so
much that many banks now send
disclaimer emails to their customers.
When these fraudsters don’t resort to
physical attack or send phishing emails,
they look for loopholes whenever online
transactions are being carried out.
“For Internet transactions, referred to as
‘card not present’ transaction, you need
the Primary Account Number, that is the
number at the front of the card, the Card
Verification Value, the three numbers at
the back of the ATM card, and your PIN
number.
“And what most of these fraudsters do is
that they carelessly roam about in places
where these transactions are done. So, if
you hold your card carelessly, someone
can quickly cram the digits in front of the
card and the three digits at the back of
the card. Then, they can do transactions
on your behalf. Some websites only need
the PAN and CVV, but some others may
ask for the PIN also,” Adewale added.
Although the use of ATM card details for
such online purchases and transactions is
quite secure because, like Onyejekwe
noted, “they are registered merchants and
dealers.”
She advised people to do such online
transactions in secure and registered
cyber cafes.
“Don’t walk into cyber cafes that are not
registered. There are registered cyber
cafes on the Nigerian Communications
Commission website,” she said.
Since the ATM was introduced into the
Nigerian market over a decade ago, there
has been a rapid growth in the volume of
transactions with ATM cards nationwide.
Fraudsters have also found different
methods to beat whatever security
measures put in place.
However, this worrying trend is not only
common to Nigeria.
In April, US federal prosecutors said $45m
was stolen in a few hours after a global
network of hackers hacked a database of
prepaid debit cards and subsequently
used it to loot financial institutions
around the world. A US lawyer had
described it as “a massive 21st-century
bank heist.”
Also, statistics released by the European
ATM Security Team in April showed that
total ATM related fraud incidents
increased from 20,244 in 2011, to 22,450
in 2012. While losses due to ATM related
fraud attacks rose by 13 per cent from
€234m to €265m.
The report noted that the rise was due to
an increase in losses due to card
skimming attacks, which rose 12 per cent
from €232m to €260m.
“The majority of ATM related card
skimming losses continue to be
international (losses outside national
borders by criminals using stolen card
details) with most occurring in countries
outside of Europe. Such losses increased
by 21 per cent when compared to 2011.
The top three locations for such losses
were the USA, the Dominican Republic
and Brazil,” the report stated.
Protect yourself from ATM theft
• Get in the habit of using the same ATM
for your transactions. Become familiar
with it and be able to recognise changes
to the machine.
• Use ATMs inside banks rather than on
the street (where they’re easier for
thieves to access).
• If you’re visiting an unfamiliar ATM that
is not inside a bank, examine it carefully
for devices. Card or cash trapping devices
need to be glued or taped to the card
reader or cash dispenser. Look for ‘extra’
cameras beyond the basic and generally
obvious ATM security camera.
• Never rely on the help of strangers to
retrieve a confiscated card.
• Never use an ATM when other people
are lingering.
• Report confiscated cards immediately. If
you can, don’t leave the machine. Instead
call the bank from the ATM where your
card was taken using a cell phone.
• Don’t use ATM with extra signage or
warnings posted on the machine.
• Never follow a link in a supposed bank
email notice. If you are wondering if your
bank has really contacted you via email,
then close the email and directly type
your bank’s website address into your
browser. Visit your account and look for
update notices directly on your account
or bank’s website. The email is almost
always a phishing scam.
No comments:
Post a Comment