How money is stolen from ATMs. A box of money on the street: how ATMs are “opened”

In this review, the editors of PaySpace Magazine will talk about how ATMs are robbed and what techniques criminals most often use

How ATMs are robbed Photo: businessinsider.com.au

There are many ways to rob an ATM. For some, you will need a cargo transport and a hammer drill. For others, it’s sleight of hand and a piece of plastic. The former are more of a concern to the bank's security service. And the second are ordinary payment card owners who withdraw cash from an ATM. Hackers should also not be ignored. A few lines of code - and the ATM will not only dispense the money itself, but will also transfer the card details of the users to the fraudster.

How ATMs are robbed: tricks aimed at cardholders

The ATM is no longer for payment scammers. However, criminals quite often use this device to empty citizens’ payment cards. Let's consider the basic techniques that are applied to ATM.

• – installation of special overlays on the ATM that allow you to copy data credit card, as well as “peep” the PIN code from a hidden camera or dummy keyboard. Fraudsters use this data to make fake cards and cash out funds from bank accounts victims

• – installation of a special pad with adhesive tape on the cash opening, which blocks the withdrawal of money. The scammer's goal is to make the customer think that the ATM has run out of money or has made an error. Then the victim will take the card and leave. And the criminal will be able to move the cover and take the funds

• – installation on the card slot special equipment to lock a credit card inside the device. The scammer's goal is to force the cardholder to move away from the ATM, and then to remove his credit card with a special tool.

How do ATMs get robbed using viruses?

• allow a fraudster to remotely obtain technical information and PIN codes bank cards, which fall into the ATM
• infect an ATM with a virus that gives them access to the banknote vault.

How is an ATM protected from physical hacking?

Fraudsters who don’t want to bother with overlays and other tools to steal payment card details try to steal the entire mailbox. Or open it on the spot.

How is an ATM protected from such attacks:

• CCTV Cameras, detect suspicious activity of fraudsters near ATMs. Modern technologies allow you to continue filming what is happening at the ATM, even if the device itself is already disabled. Often there are two of them - built into the ATM and located near the facility.
• ATM body protects banknotes in the safe thanks to thick walls made of heavy-duty metal, which are difficult to hit with a punch.
• sensors, that respond to a strike or attempt to open an ATM. And they send a signal to the control panel of the security guards, who usually arrive on site within a few minutes.
• wall mounting, thanks to which it will be possible to snatch the ATM only with the help of a truck vehicle– the ATM itself weighs about 4 tons
• GPS beacons are embedded in the ATM to inform the bank's security service about the exact location of the device. The main condition for the operation of the beacon is the presence of a satellite signal. If the ATM is placed in the basement, the device will not emit a signal.

If you think that covering your PIN code with your hand from the people standing behind you in line is enough, then you are mistaken. IN modern world this is not enough anymore.

New ways are being invented every day by scammers to steal your money. Here are the main ones for today.

1. Pickpocketing

Opposition: do not allow anyone to stand close behind you, cover the PIN code with your palm and body from everyone when you dial.

2. Traps for money and cards

Opposition You think the ATM is broken, get angry and leave.

Immediately after you leave, the attackers remove the cover from the device and take your money.

: Always count the money received from the ATM. If there is a shortage, call the bank employees without leaving the ATM.

Money may disappear even when depositing, keep an eye on the amount on the screen.

You will see below how to check the ATM for linings.

A device is attached to the card reader that copies data from your card. The PIN code is recorded on video. After some time, the scammers make a complete duplicate of your card.

Sometimes they put a fake keypad directly on the ATM that remembers your code.

All devices, all covers on the ATM will be easily removable. Therefore, do not hesitate to once again tug at all the places where spy equipment may end up. If you have the slightest suspicion, look for another ATM.

The overlay is at the top, the normal keyboard is at the bottom. The headphone jack is recessed due to the thickness of the pad.

Video camera in a box with brochures.

Sticker above the panel.

Cracks on the ATM above the slots for accepting bills or cards.

Fake keyboard and skimmer.

A skimmer cover on top and a normal receiving window for cards on the bottom.

Spy "fence" of the keyboard.

Fake keyboard on top: the button color is wrong. Yesterday, the Moscow Department of Economic Crimes reported the discovery of yet another bank fraud. plastic cards

. A student at one of the capital’s universities, together with a friend, using counterfeit cards, stole money from the accounts of Russians and foreigners through ATMs. According to Kommersant, the police caught the scammers thanks to the vigilance of employees of the economic and internal security service of one of the large Moscow banks. As you know, all ATMs in Moscow are equipped with hidden cameras. Looking at the recordings from these cameras, bank security drew attention to a young man who, nine times in a row, different cards

The police found out that the money was cashed by a student at one of the capital's universities, Anton Obyedkov, who came to Moscow from Tashkent. He was under covert surveillance. It turned out that the student clearly lived on more than one scholarship. Without working anywhere, he nevertheless did not live in a hostel, but rented an apartment, regularly visited youth cafes and nightclubs, where he spent large sums. It also seemed suspicious that the student very often visited computer markets, where he bought specific programs and components for electronic devices that could be used to make counterfeit bank cards. The police assumed that they were dealing with a carder - a person involved in fraud with bank cards. Their assumptions were confirmed. The operatives who were watching Anton Obyedkov saw him withdrawing from an ATM a large sum money and detained the student. As it turned out, red-handed. Investigators found 23 counterfeit debit bank cards in the pockets of Anton Obyedkov’s clothes. With their help, $230 thousand could be stolen from bank accounts.

The student did not deny it. He told operatives how, together with his acquaintance Konstantin Svobodin, he stole more than $60 thousand through ATMs. According to the suspect Obyedkov, the fraud was organized by Konstantin Svobodin. A certain Ali (name changed in the interests of the investigation - “Kommersant”) from France, whom the young men met on an Internet forum where carders communicate, sent Konstantin Svobodin for a fee the data on several dozen French bank cards and PIN codes for them. Using this information, Konstantin Svobodin allegedly produced cards and taught Anton Obyedkov to withdraw money from ATMs using them. But Anton Obyedkov could not explain how he got hold of counterfeit Russian bank cards. The investigators figured this out themselves after conducting a search in the student’s apartment. The police found Anton Obyedkov's notebook with information about bank cards Russian citizens with PIN codes. In addition, micro-video cameras and parts from homemade card readers - devices that copy information from bank cards - were found in the apartment. According to the police, the students manufactured and installed hidden cameras and such devices on several ATMs, camouflaging them under the plastic frame of the card reader. Using this technique, they collected data on bank cards, which they then used to make duplicate cards. Investigators also found an explanation for the fact that in the student’s notebook, for some cards, one or two digits of the four-digit PIN code were supposedly indicated. Police believe that especially careful ATM users, when typing the PIN code, covered the keyboard with their hand, as banks recommend, and the micro-camera was able to capture only part of it.

Yesterday Anton Obyedkov was arrested by court decision. He was charged under Article 159 of the Criminal Code of the Russian Federation (“Fraud”). Konstantin Svobodin has escaped and is wanted. Investigators of the Main Investigation Department of the Moscow City Internal Affairs Directorate, who are leading the criminal case, have already informed Interpol about the French accomplice of the scammers.

Alexander ZHEGLOV

It was discovered in Moscow and St. Petersburg new way steal money from Sberbank ATMs. It is reported that several attackers may have already obtained financial resources dishonestly.

As the site learned, Stanislav Kuznetsov, deputy chairman of the board of Sberbank, reported the problem. He noted that thanks to the scammers’ cunning, the ATM could not record the dispensing of money and not write it off from the accounts. According to this method, when the fraudster requested a withdrawal amount and the ATM began counting the money, the criminal could hold the card. It got stuck in the receiver at a time when the money was already in the dispenser and could be pulled out with a special hook. As a result, the fraudster was left with both a card with an untouched balance and the required amount of money, reports TASS.

This method was extremely difficult to discover. Representatives of the bank said that they had found an opportunity to illegally receive money thanks to artificial intelligence technologies. The difference was found using a new software, which helped to establish the difference between the volume of revenue and the transactions performed at the ATM.

As Stanislav Kuznetsov noted, Sberbank has already eliminated such a possibility, in addition, bank employees have all the necessary data to contact criminals who could use the method in St. Petersburg and Moscow. It is reported that the updated electronic monitoring system will be launched at all Sberbank money issuance points in July.

Previously, the site wrote that some attackers had learned to load a virus into ATMs. After that, by pressing a secret code, the scammers could get 200 thousand rubles at a time.

Constantly, when I am waiting for the ATM to issue the requested amount, I think to myself, what to do if the money does not come out, but is written off from the account. How can I prove that I didn’t take the money?

What, someone will watch kilometers of video recordings? And it’s not a fact that the recording works at all on this ATM.

It’s for situations like these that we collected everything. possible options how an ATM can make a mistake and what we need to do about it.

Scenario 1: The ATM has captured the card

Experienced cardholders know what to do in any unclear situations with ATMs: call technical support, block the plastic. Then go to the nearest office and write an application for reinstatement or reissue. There, if necessary, you can withdraw cash from your account.

In rare cases, it is possible to return the card, as they say, without leaving the cash register. If a computer malfunctions, the bank’s technical support can reboot it remotely, as a result of which the precious plastic will return to the owner’s hands. According to Arkady, anyone has such a chance - but it’s better if you turn out to be a VIP client or can contact to the right people directly.

Arkady: “Some financial institutions In case of any problem, the seized cards are destroyed and sent for reissue. Typically this takes up to five business days. Some people pull out the cards and deliver them to the nearest office. Or they agree with the client on a convenient pick-up location. Field technicians today do not have the right to remove cards from the special tray of an ATM and return them to customers.”

Here it is logical to ask: who is to blame and what to do? More precisely, why do such things happen and how to avoid them?

Arkady: “To prevent the device from taking the card, it is enough not to use it, because any technique makes mistakes - it is still mechanics. If we are not talking about random problems, then there are two withdrawal scenarios:

The credit card is discredited. In this case, the message “card seized by the bank” appears. The latter simply plays it safe if there is the slightest suspicion that the card was copied by fraudsters.

A technical glitch occurred while the credit card was inside. To protect yourself as much as possible from this, you need to take care of the plastic: it should be free of cracks or stickers. The client cannot predict everything else, since we are talking about the reliability of equipment that is hidden from his eyes.”

The decision whether to wait for the card to be returned or to reissue it is made by the owner. As a rule, it is easier to reissue. After all, it is unknown exactly when the collectors will arrive, how quickly the credit card will get to the right office and how easy it is to unblock it.

Scenario 2: money was debited, but the ATM did not dispense it

If a person did not receive the money at all, then it most likely was not debited from the account, but was frozen until the success of the transaction was confirmed. The latter, of course, does not happen - the bills are still inside the machine.

Arkady: “There was a failure in one of the links - or the ATM was unable to generate the required amount, or the connection to the host was lost. Usually in such cases, rubles are automatically returned to the account, since the operation is marked as failed.”

It doesn’t matter if there is no automatic return or the client fails to collect the funds on time.

Victor: “The money will go into a special cassette with discarded bills. The same thing can happen as a result of a failure when dispensing cash; an ATM dispenser is a complex and sometimes capricious thing. All information in such cases is recorded in logs. It is advisable to call the bank immediately, they will return the money, this is a common case.”

It’s worse if the entire amount is debited from the account, but only a portion is issued. Then it is much more difficult to prove that “you are not a camel”, but actually did not receive enough money. Therefore, the first thing to do is to count the issued cash by standing in front of the camera built into the body. This will make future banking investigations easier. And, of course, you need to immediately call technical support and explain the situation.

Arkady: “This happens mainly at ATMs, where money flows along conveyor belts. During use, they stretch a little, the bills are placed at a greater distance from each other. The dispensing device may simply not reach part of the bills, but only capture and dispense those closest to it.”

Scenario 3: the ATM did not credit the payment made

If the operation seemed to be successful, but the money did not appear in the account, we follow a proven scheme - contact the bank. Preferably with a receipt. But if his device didn’t issue it either, then it doesn’t matter: based on the results of the investigation, the entire amount will be credited to the client, since all transactions are logged. This is what happened in this situation.

According to the expert, such episodes often occur through the fault of the client.

Arkady: “Most ATMs have a limit on the number of banknotes accepted (and issued) - 40 pieces. A warning is displayed on the screen, but not everyone pays attention to it and may exceed the limit. Often there is a foreign object among the bills - a check or other small change from a wallet. Of course, a jam occurs.

At the request of the cardholder, a banking investigation begins. The device is collected and the surplus is determined. If it matches the number named by the victim, the money is credited to his account. If the deposited amount is a loan payment, you need to ask the financial institution for a deferment during the investigation so that no penalty is charged.

Once there was such a situation: a call came in with the reason “funds have not been credited to the account.” An elderly client panicked - how could they be stealing! On the spot, it turned out that the “problem” machine did not physically have a bill acceptor; it could only issue rubles. The victim simply did not know about this, and managed to push cash one bill at a time into the dispenser.”

Scenario 4: NFC and mobile payments

Contactless payments are increasingly entering our lives, and not only in large cities. Some ATMs are equipped with NFC interfaces for user convenience.

Such scanners seem to be quite safe - as of January 2018, they have not been involved in a single case of fraud in Russia. This fact was confirmed by an information security expert. Adding that in the case of an NFC chip you need to be afraid of something else:

Victor: “Theoretically, an attacker can walk on public transport during rush hour and withdraw money using a regular payment terminal. If you are paranoid, you can carry the card in a special case that protects against electromagnetic radiation.”

The same applies to mobile payment technologies. Apple Pay And Google Pay: They are equivalent to NFC cards and are considered a type of RFID, working on the same principle. An important difference: smartphone software can still be hacked. But in theory.

Arkady: “Hypothetically, you can plant a virus on your phone that will read payment information. But it is securely encrypted. Even if the virus transmits it to scammers (although I have not heard of such cases), it will take years to decrypt. Any information is disposable and loses relevance upon completion of the operation.”

Both experts note: the system is good and convenient, but only until the NFC credit card or unlocked smartphone falls into the wrong hands. A thief or passerby who finds an NFC card can go to the store. And pay for purchases in the amount of 1000-1500 rubles all the way - these are standard limits, up to which you do not need to enter a PIN code.

Scenario 5: fell for a scam

There are scammers all around, and everyone wants your money. Or bank money - the crooks don’t care, but it’s easier to deceive the average person. It is enough to copy the magnetic stripe of the card, find out the PIN, create a duplicate and gut someone else’s account. This process is called skimming, and it is very common among digital thieves. Therefore, carefully study the ATM - especially an unfamiliar one - before feeding it plastic.

Arkady: “There should be no wires or foreign devices on the surface of the ATM in the area of ​​the card reader. Both will most likely be located on the outside of the case, since otherwise it needs to be drilled, it will be noticeable. To obtain a PIN, as a rule, a video camera is attached to the keyboard. It may even be hidden under the frame that covers the keyboard. Or there may be a thin film that is placed over the keyboard or hidden under it.”

Victor, an information security specialist, says that recognizing such devices today is not easy, thanks to advanced printing methods.

Victor: “With the advent of 3D printers, it is much easier for attackers to produce skimmers for various ATM models. It is easy to notice only the most primitive things: traces of glue, plastic of a different color, a keyboard that sticks out too much. And a pinhole camera installed on the ceiling to spy on the PIN is generally very difficult to find. Therefore, when entering the code, cover it with your other hand.

However, there are no guaranteed methods of protection. Do you have doubts about the reliability of a particular device? It's better not to remove anything from him. Look for an ATM where it is difficult to install a skimmer - say, in a bank branch.”

Have you noticed that amounts are leaking from your account, but the card is in your wallet? The first thing you need to do is block it. However, the task is not limited to this: with a competent approach and a successful combination of circumstances, the stolen property can be returned.

Arkady: “As soon as you receive a notification about a strange withdrawal, you need to immediately run to an ATM or terminal. And try to carry out an operation using the card. This will indicate that the credit card was not lost and was in a completely different place - not where the cash withdrawal was made. That is, the card was duplicated, and the bank will most likely return the money, since it is its fault that the data was stolen.”

However, Victor claims that today scammers are actively switching from users to ATMs themselves.

Victor: “The service area where the computer is located is not as well protected as the area with money, and is often opened with standard keys. On forums on the darknet you can buy programs and instructions for hacking. Some criminals even offer training and programs in exchange for a percentage of stolen funds. As a result, hackers open ATMs, approach the service area, insert a flash drive with a keyboard/mouse into USB and launch a special utility. After which you can withdraw rubles.

People around you don’t pay any attention at all when an attacker comes and starts dismantling the ATM to insert a blackbox or install an application for dispensing money. We saw recordings from surveillance cameras where people continued to stand in line at the moment when the scammers carried out these manipulations - no one raised an eyebrow.”

Fraudsters switch to ATMs for a reason. The turnover of cards with magnetic stripes is declining today and will disappear in the foreseeable future, and chip cards are not subject to skimming - they are almost impossible to counterfeit. But you can make sure that you put your hard-earned money into a fake carefully prepared by the scammers. In a well-known and completely unsuspicious case there will only be a bill acceptor, a computer and a skimmer - in case there is a magnetic stripe on the card.

Arkady: “It’s not easy to identify a fake, but it’s possible. The device should not just stand on the street - genuine ATMs are usually installed in bank branches, large shopping centers or chain stores. You should definitely be wary if an ATM appeared in a new location and started working on the same day. Its installation is a long and labor-intensive process: first it stands turned off, then it takes some time to configure it. Everything takes at least two weeks. Plus, you can always check the legality of the device in the mobile application. If it is not there, notify the bank - they will either confirm the appearance of a new device, or, on the contrary, warn you about scammers.”

True, such deceptions are extremely rare today - often in disadvantaged areas.

So what should you do?

You say, “Well, nothing like that will happen to me.” And, of course, “something like this” always happens, and at the wrong moment - for example, when paying off a mortgage on the last day of the month. How can you minimize risks? First of all, be careful:

before inserting a credit card into the card reader, make sure that it is intact and that, for example, there is no chewing gum wrapper stuck to it;

check the number of bills (there should be no more than 40) and the presence of foreign objects in the stack before feeding it to the bill acceptor;

inspect the ATM - are there any foreign wires, devices near the card reader, cameras aimed at the keyboard, or physical damage?

But even if you are as careful and concentrated as possible, the technology may fail, and the scammers may turn out to be more cunning. In any unclear situation, contact technical support. Do you have the slightest suspicion that you have become the target of a scam? You need to not only block the card, but also try to carry out any operation on it as quickly as possible in order to make a mark in the bank database - this will increase the chances of getting the money back.

Finally, a radical option - reduce communication with ATMs. Payment terminals are found everywhere today. Mobile applications and electronic transactions are still quite reliably protected from hacking and allow you to pay for a whole range of services. There is no need to carry a kilogram of cash with you, and you can always withdraw some amounts at an official branch - it’s almost impossible to run into fraud there.