‘Cash trapping‘ occurs when an ATM withdrawal operates as normal and customers may even hear the cash being dispensed, however the cash is not actually ejected from the machine because a criminal has used a small device to retain it, inside the machine. In most cases, customers will walk away assuming the ATM is out of order or they may report the issue to the branch if the ATM is at a bank. Once the customer walks away the criminal approaches the machine, removes the device, together with the cash inside it.

An average of 41 cash withdrawals is carried out by each person in Ireland every year and close to 100% of these works without issue. From time to time there are genuine instances where cash is not dispensed, due to technical issues at the machine. Customers are reimbursed when this occurs.

With this new scam, the card issuer will assume that the customer has received the cash and it will be debited from their bank account at the time of the withdrawal. All cases of cash trapping that are reported to the banks will be investigated and where there is an obvious wrong doing, customers will receive a refund for losses incurred. IPSO continues to work with its members, the ATM owners, to identify where the scams have taken place and affected cardholders will be notified, where possible. IPSO and the banks are also working closely with the Garda Bureau of Fraud Investigation (GBFI) to help prevent this crime. Some arrests have already been made and the GBFI continues to monitor the situation.

IPSO offers cardholders the following advice:

1. If cash does not dispense during a cash withdrawal at an ATM, report it to your bank immediately.
2. If you see anything unusual on an ATM, find a device or if an apparent part of the machine falls off while you are using it, report this to the Gardaí as soon as possible
3. Never use an ATM if you are suspicious of people loitering nearby
4. Use debit cards to access the money in your current account. This also reduces the need to carry cash and to queue at the ATM
5. Use alternative methods to obtain cash, such as the cashback facility on your debit card (e.g. Laser, Visa Debit, Maestro), which is available at most retail outlets
6. Please note that this scam affects a very small portion of ATMs around the country however knowing about the issue is the first step towards avoiding it

According to EAST, the European ATM Security Team on which IPSO is represented, cash trapping is becoming an increasing issue across Europe which has resulted in the evaluation by all banks of possible counter-measures.

While criminals will continue to endeavour to obtain cash from ATMs, reports show that ATM crime in general is very low. Banks here continue to work hard to prevent such ATM crimes as card skimming, card trapping and now cash trapping and with a little help from vigilant cardholders, the industry can aim to avoid scams and keep money out of the hands of criminals.

For more information on being safe at the ATM click here.
 

Payment Card Industry Data Security Standards, or PCI DSS, are mandated by the global card schemes for any shop that accepts payment cards either in a face to face environment or via the internet, telesales or mail order. IPSO's aim during the seminar was to share as much information as possible about PCI DSS and on how to become compliant with the standards. 

Presentations were provided on the day from IPSO and also from a series of guest speakers including Mathieu Gorge from Vigitrust, John Clarke from WorldNet TPS and Darren Kelly from the Irish Pharmacy Union. The presentations are available here. Simply click on the name below to see them.

Mathieu Gorge, CEO Vigitrust – The state of PCI DSS compliance – a global and Irish perspective

John Clarke, Head of Product Innovation, WorldNet TPS – PSP Case Study

Darren Kelly, Irish Pharmacy Union – the retailer's perspective

24th June – The crime of card skimming at ATMs has reared its ugly head again, with a number of Eastern European criminal gangs becoming active in the past couple of months, for the first time since early 2009.

Amounts of up to €60k have been absorbed by individual banks already this year due to the reappearance of this crime. While the majority of ATMs in Ireland now have anti-skimming devices installed, the criminals appear to be targeting the small number of machines that don't yet have the solution in place. In a similar manner to before, the criminals are using skimming devices at the throat of the ATM which captures the card details on entry. They use a micro-camera which captures an image of the PIN as the customer openly keys it in. They then use the genuine card details to create fake cards, which are used at ATMs abroad, in countries where Chip & PIN has not yet been implemented.

More than 23 incidents of ATM skimming have been reported to date to IPSO this year. Only a small portion of those attacks were successful while anti-skimming devices foiled the majority of attempts. In the rare circumstances where criminals were successful, the ATM card issuers continue to absorb the fraud losses and refund their customers.

IPSO appeals to cardholders to keep their PINs safe from prying eyes when using a PIN pad at an ATM or in shops. A very simple technique of covering the PIN pad with the free hand when keying in a PIN will mean that the criminals cannot use the card details for fraud. It's simple, but it works!

The banking industry is working tirelessly together with the Gardaí to keep these scams to a minimum and to ensure that the remaining ATMs in Ireland are upgraded to include the relevant anti-skimming technology. The Garda Bureau of Fraud Investigation (GBFI) has made significant arrests in the past month relating to ATM skimming and continues to be successful in the fight against this crime.

For more informaiton, contact info@safecard.ie or phone 01 663 6740

The IPSO Card Services Fraud Prevention Members' Seminar drew speakers from a range of industry backgrounds providing insight on enterprise fraud and recent fraud trends while focusing on e-crime prevention. The seminar attracted a record attendance level and feedback to date has been very positive.

In 2009 the total value of fraud lost to the retail banking industry is estimated to have cost approximately €16.7million. Chip & PIN continues to keep frauds such as skimming, counterfeiting and lost/stolen fraud to a minimum but unfortunately the criminals continue to find new areas to target and currently the predominant sector is e-commerce. Card Not Present (CNP) fraud continues to be the biggest issue with 74% of all fraud losses in 2009 relating to this type of fraud.

The Card Fraud Forum is the specialist fraud task force run under the auspices of IPSO Card Services, which collates industry fraud loss figures so that new fraud trends can be measured and the highest risk areas targeted. The purpose of the group is to share fraud data, best practice guidelines and to develop solutions to specific fraud issues.

Further Information:

For further information, please contact Úna Dillon, Head of IPSO Card Services, 01 663 6740 or e-mail: info@safecard.ie

Similar claims were issued by the Cambridge team just prior to the roll out of Chip & PIN in 2004 in which it claimed that Chip & PIN would not work. This was proven not to be the case. IPSO will shortly be issuing its fraud figures for 2009 however we can confirm that since the rollout of Chip & PIN cards the industry has seen a significant drop of more than 60% in fraud committed on lost and stolen cards as well as skimming and counterfeit frauds. In other words, Chip & PIN has worked and has been proven to be successful.

Commenting on the claims, Úna Dillon, Head of Card Services at the Irish Payment Services Organisation stated that; "We could simply compare the claims with a so-called expert suggesting that house alarms can be broken. It may be possible to put them out of action however in reality they are an excellent deterrent, continue to prevent break-ins in our homes and they continue to be updated to the latest technology. In a similar way Chip & PIN can be attacked but to date there have been no breaches to the technology as suggested by this recent report.
IPSO takes card fraud very seriously and deals with the live issues affecting people in the day to day payments environment. If we find, from real statistics, that cards are being compromised, we work with the industry stakeholders to ensure that identified weaknesses are removed and solutions implemented".

It is true to say that the type of fraud described in the programme can be detected by the banks’ fraud systems. In addition, under the banking code all card issuers are obliged to investigate every fraud claim. Where there is evidence of fraud, customers will always be reimbursed. The reputation of the payment card industry is based on the reliability of the cards systems and on customer protection. IPSO continues to work with banks, card processors, retailers and consumers to make them aware of the latest fraud prevention advice through the work of the SafeCard Task Force.

IPSO continually works to raise awareness of security advice and on how to protect against card fraud through media interviews, press releases, fraud seminars and conferences, specialised workshops and website updates. While criminals persist in testing the payments systems, IPSO monitors the activity and continues to take the necessary preventative measures in partnership with its members.

Card fraud figures in Ireland are well below the European average at 0.06% fraud to turnover, compared with latest figures of 0.14% for the EU. This low fraud figure is as a result of the fraud prevention work being done by the industry as a whole as well as the diligence of our cardholders and merchants.

For information on current payment fraud issues and fraud prevention tips see www.SafeCard.ie

One such e-mail currently being sent to consumers appears as though it has been sent by a major UK bank and strongly advises the consumer to complete an Online Banking Customer Form by clicking on the fake link contained in the e-mail. The link directs the consumer to an imitation website (which looks just like the real one). The reader is asked to fill in details to confirm their account details in order to ‘update’ their online banking security details.

IPSO advises consumers to be wary of requests for personal information, particularly payment and account details and reminds consumers that their bank or building society would never initiate contact with them for personal details via email.

According to Una Dillon, Head of IPSO Card Services, "Consumers should never give out personal information via the Internet unless they are 100% confident that they are visiting an authentic website. The best way to ensure this is to avoid following links in e-mails. Online banking users should always type the URL of the website they wish to visit into the navigation bar themselves."

This same advice can be applied to personal information being provided over the phone. If consumers receive an unsolicited /unexpected telephone call from an individual professing to be from a bank or other financial institution, they should always ask for a landline telephone number and check it against the phone book and/or hang up and phone their financial institution directly, using the phone number provided on their payment card or bank statement.

For further information on card fraud and simple, but effective techniques to protect against it, please visit www.SafeCard.ie