For the first time ever, a skimming gang remotely took hold of an ATM in Bengaluru.
Kamal Pant, city police commissioner, told Metrolife a gang used Raspberry Pi, a credit card-sized computer, to gain access to an ATM.
“They took control in such a manner that the ATM began to take commands from them. They made it dispense money, which was collected by a member of the gang,” he explains.
The ATM in question is located in Banaswadi, and about Rs 8.10 lakh was lost in the heist on December 7. Police eventually arrested 34-year-old Colombian national CristianYeinis Navarro Olarte after what they described as “a carefully-planned operation”.
In another case, police arrested Aluka Sandra Orewa alias Benny, suspected to be involved in about 60 skimming cases.
She is in the dock only for four or five. She allegedly used a skimmer (see box) and a camera to collect data which was then used to steal money from bank accounts.
Hard evidence is difficult to come by even when such criminals are tracked down and arrested because the actual stealing takes place from a remote location, says an investigating officer.
“Usually no photograph or digital evidence is found. Even if we arrest the skimmers, they get bail as we don’t have ready evidence about who stole the money. Once they are out, they slip away, get duplicate passports made, and leave the country,” he says.
How they do it
Skimmers steal confidential data from ATM machines and sell them to gangs who then carry out the fraud.
Aluka Sandra Orewa could be just a bit player in a large gang of criminals, police believe.
“The one who collects data is not the one who carries out the heist. This is why it is a challenge,” an investigator with the Central Crime Branch (CCB) of the Bengaluru police told Metrolife.
The mastermind in skimming rackets uses a network comprising skimmers and hackers.
A skimmer is paid between Rs 1,000 and Rs 3,000 for skimming an ATM. “A skimmer gets to work on about 10 ATMs in a day just to collect data. The stealing happens later, in a subsequent step,” he says.
Skimmers steal card numbers and also pins from the ATM. “A mastermind collates it and sells it to another gang for Rs 1,000 a card. That gang makes duplicate ATM cards and starts withdrawing money from multiple accounts,” the investigator says.
Banks waking up to dangers
Kapil Gupta, director, Volon Cyber Security, says ATM and online skimming has become rampant. “Criminals steal payment card information from e-commerce websites by infecting them with malware,” he says. Banks are doing spot checks and also remotely monitoring ATM kiosks. “They are gathering information about adversary attacks and taking timely actions,” he says.
Precautions
Don’t share ATM card or PIN with anybody
Use ATMs attached to banks or manned by guards.
Check for clandestine keypads and cameras.
File a complaint immediately if your data is skimmed.
Use card info only on reputed e-commerce sites.
Modus operandi
Skimmers clandestinely fix keypads, cameras to ATMs.
They collect debit card numbers and pins.
Data from multiple skimmers is collated remotely.
This is sold to gangs that create duplicate cards.
Hackers use data to steal money from bank accounts.
What’s what
A skimmer is a person or device that skims (removes substance from a surface). A skimmer device is disguised to look like part of an ATM. It is a card reader that clandestinely collects debit and credit card numbers, while an accompanying camera captures the pins keyed in by customers.
What is Raspberry Pi?
It is a low cost, credit card-sized computer that can be used with a computer monitor or TV. It works with a standard keyboard and mouse and is capable of doing everything a desktop computer can do. Used earlier for coding education, it is now widely used in many fields, including robotics.