Debit/ATM card fraud

Debit/ATM cards are plastic payment cards that are a viable alternative to cash. The difference between debit cards and credit cards is that payment for a debit card transaction is taken directly from the cardholder’s account, unlike credit cards where the accountholder paying the money back at a later date. Debit cards can also double up as ATM cards, allowing for the removal of money from the ATM. In some cases, they can also be used for ‘cash back’, where cash can be withdrawn at a merchant’s location following a store purchase.
The following fraud schemes are associated with debit/ATM cards
  • Counterfeit cards – fake cards made from an imprint of the original
  • Skimming – obtaining someone’s card information during an otherwise normal transaction. Skimming can occur in restaurants or at petrol stations where the card is briefly out of the sight of the owner.
  • ATM skimming – Same as in general skimming but occurs at the ATM. Fraudsters place skimming devices over the ATM slot, or hidden cameras to record PIN activity.
  • Shoulder surfing – refers to the unobtrusive glancing of the ATM’s user’s PIN by the customer next in line.
  • Phishing/Smishing/Vishing – The use of emails/SMS text/Phone calls to trick the accountholder into revealing card details. The fraudster mimics the bank and tells the accountholder that their card has been compromised and therefore they need to release their card number or PIN and that a new one will be made available. The fraudster can create a counterfeit card with the card details.
  • Stolen cards – Stealing a genuine card allows the fraudster to go on a spending spree until the bank blocks the card.
  • Card Not Present fraud – Refers to purchases made over the internet (ecommerce) or by phone or by post/mail.
  • Identity theft (application fraud and account takeover fraud) – When a fraudster gets hold of someone’s identity details (name, address and other identifying information), they may use it to apply for a card in the name of the person whose identity is being stolen. The fraudster applies for the card with a fake ID and can go on a spending spree with the new card.
Debit/ATM card fraud should be tackled by educating both bank personnel and the cardholders. They may not be aware of the various tricks which fraudsters use. What may look like an ordinary occurrence or good Samaritan may actually be a case of say, shoulder surfing.
  1. Truncation – how card numbers should be displayed on receipts;
  2. Geolocation validation – the use of IP addresses to determine location information
  3. Additional information –information requests such as a PIN or security code prior to authentication
  4. Use of fraud detection & prevention software
  5. Card owner verification
  6. Use of SQL rules to detect activity that is outside the norm
  7. Account authentication: Out-Of-Band, Challenge questions or multi-factor
  8. Reporting lost/stolen cards
  9. Customer/bank personnel education/training on phishing/vishing/smishing
Please contact me via the ‘contact’ button for a more information about ATM/debit card and ways to prevent/detect it.


Posted in Fraud and tagged , , , , , , , , .

Leave a Reply

Your email address will not be published. Required fields are marked *