Dangerous ATM Malware On The Prowl | Independent Newspapers Limited
Newsletter subscribe


Dangerous ATM Malware On The Prowl

Posted: May 25, 2016 at 5:34 am   /   by   /   comments (0)



*Bank Customers Urged To Be Careful When Making Withdrawals


Emmanuel Okwuke Lagos


Nigerian banking customers may need to watch their environments more carefully when making withdrawals from Automated Teller Machines (ATMs).

Kaspersky Lab, an Internet security firm, has alerted of a version of Skimer, a dangerous malware that takes the details of card holders for perpetrators to clone the cards. In effect, unauthorised withdrawals will begin on those accounts afterwards.

The malware, according to Kaspersky, which turns ATMs into card-skimming machines, resurfaced recently after being in the lull immediately it was first found in 2009. It said the malware has been distributed all over the world.

Majority of ATM frauds take place through card skimming. It is usually physical, as criminals typically install an illegal card-reading device into ATMs, film people entering their PINs on keypads, and then create duplicated cards for sale and use.

Skimer, however, is software-based, which means users can’t see it. The programme lets criminals access an ATM remotely, install the malware, and then gather data such as PINs, card numbers, and account numbers over the course of time.

A “money mule” can then insert a special magnetic stripe card into the ATM to access the stolen data, take out money, or print card numbers onto a receipt.

If Skimer has resurfaced in the U.S. then it could make ATM fraud grow even further.

A recent FICO study discovered that the number of compromised ATMs in the U.S. surged 546% from 2014 to 2015, thanks in large part to the slow EMV migration of debit cards and ATMs.

However, it’s not clear if EMV upgrades would actually stop Skimer, which means ATM fraud could grow even more from 2015 to 2016.

Conversely, the Central Bank of Nigeria (CBN) said ATM skimming is not common in Nigeria because Nigeria uses the chip and pin cards which are hard to clone compared to the magnetic strip card prevalent in the USA.

According to Olumide Fadia, Managing Director and Chief Executive Officer, OFMAX Integrated Services Limited, a company that installs and maintains ATMs for banks in Nigeria, this kind of fraud cannot happen in Nigeria because the CBN has directed that all ATMs installed in Nigeria must come with an anti- skimming device.

He noted that this device is hardware with software imbedded in it. This device is installed at the mouth of the machine where money comes out of the ATM.

Mr. Fadia stressed that any attempt to install any skimming device will trigger an alarm in the ATM that will attract people’s attention.

Mr. Jide Awe, an Information Security expert, corroborated this view when he said the CBN has given some guidelines to banks which if adhered to strictly can prevent skimming. He noted that one of these guidelines is for banks to install anti- skimming devices on their ATMs.

Data from the Nigeria Inter-Bank Settlement System (NIBSS) reveal that the highest number of fraudulent transactions in the banking sector takes place on Automated Teller Machines (ATMs), internet banking and Point of Sales (PoS) terminals.

Giving details of the decline in bank financial losses, the Managing Director, NIBSS, Mr. Ade Shonubi, said in 2014, the total volume of fraudulent transactions across all banks was 1,461, resulting in N7.8 billion value of attempted fraud and N6.2 billion actual fraud loss.

He, however, said that in 2015, the total volume of fraudulent transactions increased to 10,743, resulting in N4.4 billion attempted fraud and N2.3 billion actual fraud losses.

He explained that the 2015 figures showed a decline in the actual fraud loss from N6.2 billion in 2014 to N2.3 billion, even when there was increase in the volume of fraudulent transactions from 1,461 in 2014 to 10, 743 in 2015.

According to him, the stringent measures put in place by the CBN has helped in reducing the rate of successful online theft in the country.

NIBSS provides the infrastructure for automated processing, settlement of payments and fund transfer instructions between banks and card companies in Nigeria.

Mr. Dipo Fatokun, Director, Banking and Payment System at CBN, said the CBN had in 2014 and 2015 introduced two factor authentication system for banks, to guide all financial transactions; the regulation of a non-EMV card, as well as the creation of fraud desk in all banks.

He said such measures helped in reducing financial losses in banks.

Kaspersky is trying to aid banks to detect Skimer and is providing techniques for identifying affected machines and secure their ATM networks in the future.