The Prosecutor’s office spoke about the new trick of counterfeiters in ATMs
Mikhail Tikhonov / Moscow-Live.ru
The Prosecutor’s office spoke about a new form of counterfeiting for fraud ATMs. As reported in the «Ether», the representative of the Supervisory authority Yelena Malyk, fraudsters paste on fake bills of special tape. ATM this bill perceives as real, accept it, and the amount credited to the account.
Then the criminals withdraw the money at another ATM already present bills. To reveal such a crime is possible only after the cash in the device, ends and begins the conversion, said Malyk.
She also said that in the first half of this year, the damage from crimes in the banking sector exceeded the 2018 and amounted to 154 billion rubles. The Prosecutor’s office believes that the increase is associated in particular with the improvement of the quality of the identification of such crimes. As previously reported by the Central Bank, the number of counterfeit banknotes in Russia for the year decreased by 15%, the most counterfeited banknotes of large denominations.
Recall that in November last year the experts of the Positive Technologies company came to the conclusion that most modern ATMs vulnerable to theft and data leakage of Bank card customers vulnerable all ATMs. On average, hacking hackers the device required 15 minutes.
In August of this year, the Central Bank recommended commercial banks to stop using the old ATMs, which do not recognize the denominations «Bank of tricks» and accept them instead of real money. So, on August 23 it became known about introduction of 800 thousand «rubles» in the ATM «UniCredit Bank». Earlier notes «Bank jokes» were made at ATMs ICB, Sberbank and other banks. In all cases the attack was targeted the ATM company NCR: it was reported that the vulnerability that allows you to make fake ATM bills associated with the software device recognition notes.
And in may this year it was reported that the ATMs of Sberbank of Russia discovered a new fraud scheme: in the case of using the new algorithm, the attacker starts on the terminal operation without inserting the card, not completes it and walks away. The terminal provides for the completion of the transaction is 90 seconds and if during this period your card will insert the next client, then it will be debited on the previous request. For example, it may be an operation for the account of the phone through an ATM.
The experts noted that in this case the problem is on the side of a credit institution is in a scenario of operation of the terminal or in too long time-out. In ATMs of other banks, «basic» timeout is 30 seconds and the timeout to a minute and a half is a serious vulnerability, and not technical, but social: an inexperienced user may insert their card, without looking at the monitor. For greater security, it is proposed to reconfigure the payment device, reducing the duration of the session. In the savings Bank such facts explain the misunderstanding and negligence of the clients in the transactions.