The arrests of three Seattle-area men for their involvement in two separate ATM-skimming schemes highlight technological and social vulnerabilities that international fraudsters have learned to exploit with ease.
Three Seattle area men have been arrested for their alleged involvement in separate ATM skimming schemes that drained more than half a million dollars from retail customer accounts in at least six states.
According to the Pasco County, Fla., Sheriff's Dept., at least 44 customers were defrauded of thousands of dollars, after their cards were skimmed at two walk-up ATMs at area banks, including Bank of America.
You know the tune: Cyber thieves pirated the town's banking credentials, arranged some bogus "payroll transactions" with the town's bank and then next thing you know ... money mules are transferring funds to the Ukraine.
As more criminals target branch ATMs, industry experts wonder if links to insider fraud might not be to blame. Recent brazen attacks prove even in a bank or credit union lobby, ATM skimming can strike.
"I think this is another great example of the lengths to which criminals will go to perpetrate these schemes, and the amount of homework they do," says Julie McNelley, banking and payments fraud analyst at Aite Group.
Two stories stand out when I look back on the month of May: the POS PIN pad swap scheme that hit Michaels crafts stores in more than 20 states and the insider job at Bank of America that led to $10 million being stolen from some 300 customer accounts.
Technology to fight ATM skimming continues to advance, but so do the threats. Fraudsters have devised new ways to work around - if not defeat - new anti-skimming solutions, say industry experts who point to global ATM fraud trends.
This kind of problem happens to everybody, says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe hes right. Perhaps this kind of problem does happen to everyone. But should it?
Banking/security leaders aren't crazy about banking regulators telling them they could have done a better job detecting ACH fraud, and they're eager for more specific guidance on what to do going forward.