“Could the customers have done something to prevent it?" This probably is the most important question that needs answering in the wake of the hi-tech ATM fraud in Thiruvananthapuram. Unfortunately, they could have done virtually nothing! Bank customers are totally helpless when they get duped in this manner.
Banks do advice their customers to change the four-digit PIN every three months to prevent cyber fraud. But, in Thiruvananthapuram, the victims did not get time to take such a precautionary measure as they were hit like lightning by the fraudsters.
In reality, only banks can do something to prevent this sort of fraud from reoccurring. The unauthorized transactions in Thiruvananthapuram were not due to the banks’ failure to implement appropriate network security measures. Here, physical security was either overlooked or its importance was gravely underestimated. The series of incidents in the capital have proved that anybody can enter an ATM booth in Kerala and install any device at will.
Had those in charge of the ATM carried out regular inspections in the kiosk, they could have easily recovered the suspected ‘skimmer’ placed on the machine by the high-tech criminals. The skimmer is a malicious device used to copy and misuse the details of a customer’s bank card. It can internally store the details of the cards before transmitting them using radio frequency (just like Wi-Fi and Bluetooth do) mechanics, so that the fraudsters can retrieve it later.
With technological advancement, devices have become a lot smaller and harder to detect. Generally, a skimming equipment is installed inside the counter. But it can be placed anywhere near the kiosk and the fraudsters can gain access to the information transmitted wirelessly even by sitting in a car parked in its vicinity.
According to forensic experts in Thiruvananthapuram, the thieves obtained the PIN numbers using a hidden camera. So, covering the keypad with your hand when you enter your PIN may appear a safe option. However, this holds no water because criminals can capture your credit information even without the help of secret cameras. They can fraudulently decipher the PIN with the help of the beeps correspond to keys pressed when you enter your PIN on an ATM. Each PIN entry is accompanied by standardized audible tones. The same technology is being used to enable blind and vision impaired people use mobile phones. Keypads send out both sounds with both audible and inaudible frequencies. These malicious devices are understood to have been able to transmit such inaudible sounds as well. That is why most of the banks with online banking facility offers Virtual Keyboard to type in your password. If ATMs are also equipped with such scrambled keypads, it will be difficult for the fraudsters to capture PIN numbers wirelessly.
Security personnel can easily identify the presence of a foreign object inside a kiosk. Likewise, unfamiliar radio signals can also be picked out with the help of sensors placed inside the bank. The bank can inform the police if they identify the presence of foreign objects or strange signals.
Security can be stepped up by regularly keeping a watch on footages recorded by security cameras installed in ATMs. Nowadays, banks analyze CCTV footages only in the event of an emergency. To make the effective use of the surveillance cameras, they should be connected to the main branch and the live feed should be examined in details round the clock. The broadband technology can be used to put this security system in place.
Most of the banking and financial institutions operating in developed countries like America have employed retired military and intelligence personnel to keep a tab on the data generated by security cameras in ATMs. The guard on duty will be accountable for any kind of security lapse.
Unfortunately, most of the security measures that were in place when ATMs were first introduced in India ceased to exit. There used to be security guards manning ATMs 24X7 and customers needed to swipe their card to open the entry door. Also, only one customer was allowed to enter the ATM at a time. All these measures need to be reintroduced to improve and strengthen the security as well as prevent crimes of this nature.
In western countries, ATM thefts are reported very rarely because of the high-security protection measures adopted by them. The latest incident serves as a reminder of the loopholes in our banking system.
(The author is an independent cyber forensic expert and academic)