Taking a Trip to the ATM?

Beware of ‘Skimmers’

Last fall, two brothers from Bulgaria were charged in U.S. federal court in New York with using stolen bank account information to defraud two banks of more than $1 million.

Their scheme involved installing surreptitious surveillance equipment on New York City ATMs that allowed them to record customers’ account information and PINs, create their own bank cards, and steal from customer accounts.

ATM composite
Skimming typically involves the use of hidden cameras (top) to record customers’ PINs and phony keypads (right) placed over real keypads to record keystrokes.

What these two did is called “ATM skimming”—basically placing an electronic device on an ATM that scoops information from a bank card’s magnetic strip whenever a customer uses the machine. ATM skimming is a growing criminal activity that some experts believe costs U.S. banks hundreds of millions of dollars annually.

ATM graphic 250
Enlarge Graphic

How to Avoid being Skimmed

– Inspect the ATM, gas pump, or credit card reader before using it…be suspicious if you see anything loose, crooked, or damaged, or if you notice scratches or adhesive/tape residue.

– When entering your PIN, block the keypad with your other hand to prevent possible hidden cameras from recording your number.

– If possible, use an ATM at an inside location (less access for criminals to install skimmers).

– Be careful of ATMs in tourist areas…they are a popular target of skimmers.

– If your card isn’t returned after the transaction or after hitting “cancel,” immediately contact the financial institution that issued the card.

How skimming works

The devices planted on ATMs are usually undetectable by users—the makers of this equipment have become very adept at creating them, often from plastic or plaster, so that they blend right into the ATM’s façade. The specific device used is often a realistic-looking card reader placed over the factory-installed card reader. Customers insert their ATM card into the phony reader, and their account info is swiped and stored on a small attached laptop or cell phone or sent wirelessly to the criminals waiting nearby.

In addition, skimming typically involves the use of a hidden camera, installed on or near an ATM, to record customers’ entry of their PINs into the ATM’s keypad. We have also seen instances where, instead of a hidden camera, criminals attach a phony keypad on top of the real keypad … which records every keystroke as customers punch in their PINs.

Skimming devices are installed for short periods of time—usually just a few hours—so they’re often attached to an ATM by nothing more than double-sided tape. They are then removed by the criminals, who download the stolen account information and encode it onto blank cards. The cards are used to make withdrawals from victims’ accounts at other ATMs.

Skimming investigations

Because of its financial jurisdiction, a large number of ATM skimming cases are investigated by the U.S. Secret Service. But through FBI investigative experience, we have learned that ATM skimming is a favorite activity of Eurasian crime groups, so we sometimes investigate skimming—often partnering with the Secret Service—as part of larger organized crime cases.

Some recent case examples:

  • In Miami, four Romanians were charged with fraud and identity theft after they made and placed skimming devices on ATMs throughout four Florida counties … all four men eventually pled guilty. More
  • In Atlanta, two Romanians were charged and pled guilty to being part of a criminal crew that stole account information from nearly 400 bank customers through the use of skimming equipment they installed on ATMs in the Atlanta metro area. More
  • In Chicago, a Serbian national was arrested—and eventually pled guilty—for attempting to purchase an ATM skimming device, hoping to steal information from ATM users and loot their bank accounts. More
  • In New York, a Bulgarian national referenced at the top of this story was sentenced yesterday to 21 months in prison for his role in a scheme that used sophisticated skimming devices on ATMs to steal over $1.8 million from at least 1,400 customer accounts at New York City area banks. More

One last note: ATMs aren’t the only target of skimmers—we’ve also seen it at gas pumps and other point-of-sale locations where customers swipe their cards and enter their PIN. (See sidebar for tips on how to avoid being victimized by skimming.)

 

NADRA Pakistan goes with Chip Enabled plus QR Code

Nadra Pakistan the issuing authority of National ID Card has started ID cards with chip & QR Code. The chip is placed on card’s front side while QR Code is on card’s back side.

This supposed to be more fast, secure and easy to readable by machine. Nadra remains to be top with latest technological advancement within central Asian region.

Will be attaching NIC Images soon.

Forcing Android Apps directly install to the SD Card

Image representing HTC as depicted in CrunchBase

One of the biggest complaints levelled at the HTC  is the severe lack of internal memory. There are ways around this, one of which is forcing downloaded apps to install to the SD Card. There are a couple of pre-requisites, but the process itself is relatively straight forward.

You’ll need HTC Sync installed (or at least the drivers that come with HTC Sync) and ADB (Android Debug Bridge) or the Android SDK. The SDK itself is a >100MB download and can be relatively difficult to install, however if you head here, look under the section entitled Mini SDK, click show, you can download a zip file called SDK-Tools.zip. Once downloaded, extract the contents of that folder to a folder of your choosing. I recommend somewhere easy, like C:\SDK-Tools as you’ll need to navigate to it via a command prompt later.

You’ll also need to enable USB Debugging on your phone, that’s easily enough done by heading to Settings -> Applications -> Development -> USB Debugging. You’ll get a warning message, but just ok that you’ll be fine.

Once you’ve done all the above, the process is as follows:

1. Connect the Phone to the PC in Charge Only mode
2. Open a command prompt (Start -> Run -> CMD, you’ll need to run as Administrator)

Pics for the ADB stuff below:

3. Navigate to the folder you extracted ADB to. In my case, the command would be “cd\SDK-Tools” (minus the quotes).

4. Type adb devices and press enter. You should then see the serial number of your phone displayed on screen. If you don’t check, that USB Debugging is enabled and you’re connected in Charge Only Mode.

5. Type adb shell, press enter.

6. Type pm setInstallLocation 2 press enter (it’s important you enter this exactly as written as it’s case sensitive)

7. Type Exit, then disconnect your phone.

8. PROFIT!

You can now move apps that are already on the handset to the SD Card. Head to Settings -> Applications -> Manage Applications -> All -> Click an app -> Move to SD Card. All new apps will install to the SD Card.

It’s worth mentioning that apps with active widgets cannot be moved and a certain portion app will remain on the phones data partition, but this goes a long way to assist with the lack of internal memory!