Banks in India, Beware !!
Yet another ATM fraud hitting the headlines across the UK during the late November 2012. The trouble now is more physical, stopping the money being dispatched from ATM and tricking the customers which invariably result in increasing disputes between the bank and its customers. The UK’s Dedicated Cheque and Plastic Crime Unit (DCPCU) said it had seen a big jump in the rise in the number of incidents of so-called “cash claw” fraud in recent months, and is warning the public to report any incidents.
UK’s Dailymail reported in detail with images of ‘claws’ used to steal the money from ATMs. It was reported that the devices have been used at cash points across Britain, with 2,479 reported cases in the first half of 2012. Fraud losses through cash trapping and other ATM scams across the UK came to £29.3 million last year, according to Financial Fraud Action UK, although this is said to be dropping since chip and pin was introduced in 2004.
Problem for banks in India
With close to 100,000 ATMs, millions of uneducated users and emerging ground for technology frauds, India dubiously attracts fraudsters. So far, we have not come across any such ‘claw’ frauds stealing money from ATM. Unfortunately for the bank customers in India, a new vulnerability emerged, thanks to the instructions of National Payment Corporation of India (NPCI) on withdrawing ATM cash retraction facility by March 31, 2012. Earlier, when the cash retraction method was in force, the money would be taken back into the ATM if the customer did not remove the cash within a specified amount of time (say 30 sec), thus virtually not giving scope to any ‘claw’ fraud. Now, in the absence of such defence if any ATM machine is “clawed”, then the money would neither be retracted nor the customer could take it.
The cash retraction facility has been withdrawn reportedly, to contain the ATM fraud cases by misusing retraction facility at many bank ATMs. While the action could address a vulnerability, it has opened up another. While cash retraction facility misuse had impact on the banks, the ‘claw’ fraud would impact the customers as in the bank’s records the money would be debited to the customer account.
Customer education and public awareness seem to be effective to a limited extent, as long as the ‘education’ is not counter-productive. In the UK, the Police have warned account holders to be vigilant, but many devices are impossible to spot.
ATM designs, perhaps, need a revisit and with display of an alert on the screen and a transparent cash dispenser draw could help prevent this kind of exploitation of flaw.
More importantly, the banks and regulators should adopt a holistic approach, at least from the security point of view, while reviewing or withdrawing an existing control, to ensure the action would not result in another vulnerability. When it comes to security, golden rules have to be remembered, ALWAYS !!