Arefraudswithdrawing yourmoneyfromATM?
Have you been to a bank ATM recently to withdraw money and received the message ‘payment declined’ or ‘insufficient balance’ only to find later notice the money has been deducted from your account?
You may be among thousands of ATM card holders desperately ringing up their banks while they are not able to help because their record shows you got the money. The fraud has been going on since 2018, its pace rising every year.
It is an "ATM switch" fraud, in which fraudsters withdraw cash from the machine after you have left. The Reserve Bank of India (RBI) and security agencies have issued advisories to banks to bolster security measures.
Banks have been asked to ensure end-to-end encryption in the communication network from ATM terminal or the computer and the ATM Switch, which authorises the transaction from the back-end. They have been advised to physically secure the network cable as also the input/output port within the ATM premises.
Fraudsters infiltrate the computer networks of the ATM, compromise it and withdraw cash from your account by MITM (man in the middle) attack and sending messages by "ATM switch" to the ATM host.
They first tamper with the internet network (LAN) cable of the ATM. Once this is done, the ATM cards are inserted in the cash dispensing machine and "Payment decline" messages from the ATM Switch are altered to "successful cash withdrawal transaction" and subsequently cash is withdrawn from the mahine.
The attackers insert a device between the ATM machine, router or data switch in ATM premises. This device has capability to modify responses from the authorisation host.
The fraudster then uses blocked or restricted card to submit a withdrawal request. When the "ATM Switch" sends a declined message, the attacker, through the device inserted in the network, alters the response to approve the transaction and the cash is withdrawn successfully.