ATM Security threats
There are several security threats that users should be aware of when using an ATM. Here are some of the most common:
- Shoulder surfing
Criminals may make an attempt to check or make note of user's PIN number while it is entered on the ATM keypad, by looking over their shoulder, or by using hidden cameras.
- Shoulder surfing-Modus Operandi
1. The fraudster keeps a watch for a user to enter an ATM booth
2. As a user enters the ATM the fraudster follows them and place themselves in the queue
3. While the user enters the PIN the fraudster position themselves in a way that allows the fraudster to discreetly observe the keypad.
4. The fraudsters may use various techniques like mirroring users movements/strokes or using reflective surfaces to gain a clear view of the PIN.
5. Armed with the knowledge of the user’s PIN, the fraudster attempt to gain unauthorized access to the account using stolen information.
6. The fraudster may use methods like cloning the card or attempt to log into user account through online or phone banking
- Shoulder surfing-Case Study
Case study of young professional who becomes victim of shoulder surfing but protects himself by being aware and alert
Rajesh, an IT professional working in Benguluru city, visited an ATM booth in a busy area to withdraw cash. Unknown to him, there was an individual, Sanjay, who positioned himself nearby with the intention of exploiting the crowded environment and engaging in shoulder surfing to obtain sensitive information for misuse. Sanjay carefully positions himself close to Rajesh, ensuring an unobstructed view of his actions while appearing like a regular ATM user. He engages in activities that would distract Rajesh, such as speaking loudly on the phone or pretending to enter the ATM booth etc., that would distract Rajesh. He covertly observed Rajesh's actions, paying particular attention to his keystrokes, PIN entry, and account balance display on the ATM screen. Observing Rajesh's actions, Sanjay makes note of his PIN, account balance, and other sensitive banking information and memorizes them for using them in unauthorized transactions.
However, Rajesh becomes suspicious when he noticed Sanjay standing close and frequently glancing in his direction. Sensing a potential privacy breach, Rajesh takes immediate action. He shields the ATM keypad with his hand and body, making it difficult for Sanjay to observe his PIN entry and changes his positioning within the booth to minimize Sanjay's opportunity to shoulder surf, thereby protecting his sensitive information and mitigating the risk of data breach and unauthorized access.
Conclusion: This case study highlights the potential risks associated with shoulder surfing in ATM booths. By raising awareness, implementing protective measures, and maintaining a proactive approach to security, users can protect themselves against shoulder surfing.
- Card skimming
Criminals may use devices to "skim" the information on the magnetic stripe of a user's ATM card, which can then be used to create a counterfeit card or make fraudulent purchases.
- Card trapping
Criminals may use a device to trap a user's ATM card inside the machine, then retrieve it later to access their account.
- Cash trapping
Criminals may use a device to trap the cash as it is dispensed from the ATM, then retrieve it later.
- Malware and hacking
Criminals may use malware or hacking techniques to gain access to the ATM's software or network, allowing them to steal user data or control the machine