ATM Based Frauds: Router Compromise

Varun Kapoor, IPS, Additional Director General of Police, Narcotics and PRTS, Indore

Automatic Teller Machines, better known as ATMs, are everywhere! They are on street corners, in stores and restaurants. They are in malls, offices, airports, railway stations, bus stands and amusement parks – just about everywhere imaginable. They are one of the biggest revolutions as far as dispensing money to customers is concerned. They are responsible for “plastic money” becoming so popular and widely used today. But are they really safe to use? Probably not, with all the different forms of ATM-related fraud taking place in large numbers today. Extreme caution and care should be taken by the individual customer as he uses such cards and withdraws hard-earned money from installed machines.

Till recently it was thought that the most prevalent form of ATM fraud was skimming. This was done by mounting a card reader equipped with a tiny video camera on the card slot of an ATM machine; with the help of this skimmer, the unsuspecting victim’s card details and PIN were captured. Armed with these details, a cloned card was prepared and money was withdrawn from the victim’s account using the clone and the recorded PIN.

This was bad enough, and the customers of ATMs were slowly coming to know how this fraud worked and the safety precautions to be taken to avoid becoming victims. In addition, banks were also switching from magnetic-strip based ATM cards to chip-embedded cards, where such skimmers could not copy the security information of the individual chip-based card. Security was being enhanced and citizens were being better protected.

But when do criminals, and especially cyber criminals, give up – probably never! They come up with new techniques and procedures to commit their crimes with ease, almost on a daily basis. This is what has happened in the field of ATM-based crimes too.
As if skimming was not bad enough, these rogue elements operating in cyberspace have come up with an ATM router-based cyber crime. In this, instead of targeting individual customers and stealing their information, bulk information theft from multiple customers has been carried out. This has been done by targeting the router of the ATM machines. This heinous crime occurred in the months of July – October 2016.

In this crime the router between a number of ATMs was infected with malware. This malware originated in China, and money was withdrawn in the USA as well as China. It affected the routers and hence the card details and PINs of 19 banks in India, which included State Bank of India, HDFC Bank, ICICI Bank, Yes Bank, etc. It is believed that the malware first appeared in a Yes Bank router maintained by Hitachi Payment Services and then spread to other banks and their routers.

The modus operandi was very simple. The malware that infected the routers between ATM machines stole the security data of customers who used the machines linked with the infected routers. In simple language the cheat was this: when the customer inserts his/her card in the machine, the security details of the card are read from the magnetic strip or chip and the information is collected. The entered PIN is also recorded. These two details then pass through the router to the bank’s server. In the server the details are verified, the “go ahead” signal is received at the ATM machine, and the desired amount of cash is dispensed to the customer using the machine. This collection, transmission, verification and confirmation process takes just a fraction of a second. In this fraud the router which had the malware stored the card security data and the PIN of every customer who used that router. This entire information was then transmitted to the hacker who had inserted the malware.
As a result the hacker was able to clone the card of each customer and, having the PIN too, he or his group could withdraw large sums of money from each customer’s account. In this way the ATM router fraud compromised the card details of 32 Lakh innocent customers, and the quantum of money withdrawn was to the tune of a whopping 1.03 Crores. Though the damage in terms of money lost was not very worrying, what was worrying was the scale of this data theft or compromise.

Also irksome was the ease with which this crime was committed. The banks, though slow to respond in the beginning, blocked the compromised cards and even replaced many such cards free of cost. But the damage was done and user confidence was badly hit. A kind of fear psychosis did develop for a length of time.

In this case, making individual customers aware of the security precautions to be followed for safe use of ATM machines was not going to work. That was because this time it was not the customers but the banks and their equipment and procedures that were to be blamed for this leak and the consequent crime. The banks will definitely have to improve their security infrastructure to prevent such smart and easily carried out breaches in the future – and banks are already doing it, I am sure. But what customers need to do is set up a security regimen of their own to prevent theft of their hard-earned money too. One thing they can do is to change their PIN regularly (at least once in three months, though every month is preferable). That way any data leakage will not hit them hard: they would have changed their PIN, and the hacker would not be able to withdraw money from a remote location, as the cloned card details will not match the changed PIN. The key will not fit the lock and the consumer will be protected – this time again by HIS/HER OWN SMARTNESS.