The heinous practice by cyber criminals of cloning automated teller machine (ATM) cards and using them to defraud unsuspecting bank customers is on the rise. Many bank customers have lost their life savings to the fraudsters even when their ATM cards are not lost or stolen. You also risk all you have laboured to save if you are unmindful of where and how you use your ATM cards, INNOCENT DURU reports.
Bank officials responsible for most frauds – ICT, legal experts
Ex-NBA chief recalls how bank duplicated client’s corporate account for fraudsters
How to identify compromised ATM, PoS machines
On November 3, Ayo, a freelance journalist, was in the comfort of his room drawing a list of what he would need for his impending wedding and to set up a business for his wife to be. For these, he relied mainly on the money he had saved from his toils over the years.
But while he was busy drawing the items, his phone was being hit by messages in quick succession, but he was too engrossed with the task at hand to be distracted by them. By the time it occurred to him to check the short messages on his phone, he realised, to his chagrin, that they were debit alerts from his bank. The money he had banked on for the execution of his plans had been pilfered from his account. Surprisingly, the message in the debit alert indicated that the withdrawal had occurred two days earlier (November 1).
Ayo’s major shock was how it was possible for a third party to withdraw money from his account while he had his ATM card and mobile phone with him.
“When I went to my bank to complain, they searched and found that the money was withdrawn through a modern online payment system. I subsequently reached out to the company and they confirmed what the bank had told me,” he said.
Lamenting the situation, he said: “They have spoilt all my plans. They have returned me to ground zero. Where would I start from again?”
Checks with security and banking experts revealed that Ayo’s experience was one in the long list of ATM cards cloned and used to steal money from the accounts of innocent bank customers. According to ICT experts, most of such crimes are done with the connivance of bank officials.
Bakare, a colleague of the reporter, also tasted the bitter pill recently. He was also at home with other members of his family on a weekend when text messages started hitting his phone in quick succession. By the time he checked, he found a long list of debit alerts. His entire savings had gone.
He said: “I was troubled and kept wondering what could be going on. My phone was not stolen and my ATM card was also with me. So, how could my money have been withdrawn?
“When I went to the bank to complain, they asked if I transacted business with anybody, and I said no. They asked if I gave my ATM card to anyone and I also responded in the negative.
“They did some search and told me they found that the money was withdrawn in Maryland. When they said so, I thought they were talking about the Maryland in Lagos but they said it was the Maryland in the US!”
Unlike Ayo, who at press time was still battling to recover his money, Bakare said the bank immediately refunded his money.
“I guess they found out it was an internal fraud. So to avoid embarrassing themselves, they refunded the money so that the matter would die naturally.”
But another victim, who identified herself simply as Mummy Rachael, was not as lucky.
She said: “I had gone to Lagos Island to buy goods and make payments, so I went to an ATM point to withdraw money, after which I left for my house.
“Later that night, I started receiving debit alerts on my phone. Goose pimples enveloped my whole body immediately. I reported but nothing came out of it.”
ICT experts said she could have been a victim of an ATM machine that had been compromised.
Yet another victim, Abel, suffered a similar fate after he lost his ATM card but ignorantly did not block or retrieve it.
He said: “I did not see any need to block it because there was no money in the account.
“Unfortunately, I asked someone to send money to me, not knowing that some fraudsters had taken possession of the card.
“Shortly after the money was sent to me and I got an alert, I started receiving debit alerts. They cleared the whole money.
“It was after that ugly experience that I blocked the ATM card.”
Of course, Abel’s loss could be blamed on ignorance. But how would one describe that of Ogonna, a kinsman of the reporter had a massive loss to fraudsters.
Ogonna had received a call from fraudsters pretending to be bank officials, requesting that she should provide her ATM details to help rectify some problems with her account.
“Once I provided the details, they cleared all the savings I had made in 10 years. It is one hell of experience I hate to talk about,” she said regretfully.
ATM cloning not limited to Nigeria
Online checks revealed that ATM cloning is a global issue.
Writing on lovemoney.com, Felicity Hannah, a Briton, raised the alarm about card cloning as she recalled how her husband lost his savings to cyber criminals.
She said: “Last week, we saw how this kind of fraud works first hand. My husband received a text from his bank asking if he really was buying £950-worth of stuff in Sports Direct.
“Since he was at work (and isn’t exactly a fan of sports fashion), it was fairly obviously not him. But what confused us was that his card hadn’t been stolen; it was still in his wallet. And we take card security very seriously.
“When paying in shops or restaurants, he knows not to let the credit card out of his sight and he certainly hadn’t used any disreputable website – the only recent purchases had been booking a holiday on a travel comparison site and paying for a book on Amazon.”
How your ATM card can be cloned
Some ICT experts shared with The Nation how cybercriminals clone ATM cards.
One of the experts said: “There are many ways an ATM card can be cloned. There is a device they can slip into the ATM that will read your card and give them the details.
“There are people who could stand at a distance and see how you punch in your details. If they get your card number with the pin, they can activate it.
“Another is when you hand over your card to a PoS operator. He is putting your card in a machine which to you looks like a PoS but might be a machine that reads the details on the card.
“It is up to the authorities to find all the different ways. Any system you use can be breached. Nigerians have not yet met real hackers.
“One of the ways we are open to fraudsters is when you are buying things online and you are entering your details.
“Sometimes, some people put a fake site where you enter your details thinking that you are buying things. Suddenly, it will tell you “error” without you knowing that they have collected your details and they will start using it.
“The field is so open and so wide.”
Another expert, Mr Olusola Teniola, said : “You can fall for this incident even when you claim to have your ATM cards with you and your pin or signature attached to the phone have not been disclosed. Unfortunately some ATM machines, if they have cloning devices attached at the point of card entry into the machine, they can copy your ATM information, which is the card number.
“They can, through hacking techniques, get your pin number associated with the card.
“The most prevalent is that as a society we tend to in some cases give sensitive and private information to others to carry out transactions on our behalf without knowing that you are now exposing not only your ATM number but also the pin to a third party and that third party may share the information through their contacts.
“That is the easiest way to get people to clone your ATM card and use it without your knowledge.”
Bankers behind most ATM card frauds —ICT, legal experts
Relying on their wealth of experience, some ICT experts told The Nation that bankers are responsible for most ATM card frauds.
One of them, Bayo Banjo, said: “Most bank frauds are insider jobs. We haven’t had a situation where professional hackers would come and do everything from outside.
“The most common is from within the bank and the next is about being careless with your card.”
He described Ayo’s experience where the fraud was said to have been committed using an online payment portal as strange.
He said: “It could be that a staff of the online payment organisation is lifting details. How can someone duplicate that if it is not an insider’s job?
“If no code was sent to the owner of the account before payment was made, the first person they should hold responsible is the online portal.
“That is why every company that handles payment portals that read your card has to get thorough approval and have so many safety methods.
‘For instance, Interswitch will send a code by SMS to process transactions. But other ones that are external to the country are not detailed. They will just take your card number and the three digits at the back and the computer will check that the name matches the expiry date matrix.
“With those ones, you can read the details of someone’s cards. The banks should also put in place necessary control so that they can tell where the fraud is coming from.”
Former Second Vice President of the Nigerian Bar Association (NBA), Monday Onyekachi Ubani, shared Banjo’s line of thought.
“It is clearly sometimes the collusion of bank officials,” he said.
“The moment this thing happens and you come to them, they will first of all accuse you of compromising your pin. It is always the first accusation they will haul at you and you will begin to defend yourself. It then becomes my word against your own.
“But most times, if a deeper investigation is carried out by the security agencies, it will actually underpin those that are behind this criminal act. Most times, the banks don’t even give out information for that comprehensive investigation to be done.”
Ubani proceeded to share a disturbing experience of how a bank used his client’s details to open an account for suspected fraudsters.
He said: “I have a particular case now and, in fact, we are filing the suit this week against a bank where my client has a corporate account. The bank went and opened the same corporate account to fraudsters who are using that name to dupe people of various sums of money running into millions.
“The People they dupe will pay big money into the fraudulent account and they (fraudsters) will pay about N100,000 into the genuine account. They were doing this in collusion with the bank officials.