- July 26, 2021
- No Comment
Exposed: How Fraudsters Use Software To Steal Billions Of money Using ATMs
Fraudsters have discovered security loopholes in Automatic Teller Machines (ATMs) in Uganda putting millions of customers at risk of losing their money.
The fraudsters discovered loopholes specifically ATMs manufactured by a Japanese firm, Hitachi, which they manipulate with simple techniques.
Previously, criminals used cameras to capture customers’ debit and credit card security numbers known as personal identification numbers (PINs) while transacting at the electronic cash dispensers.
The criminals could also attach skimmers to the cash dispensers to help them capture and clone the ATM cards. Once the customer left the ATM point, the criminals came in to transact on the customers’ behalf.
However, there are also cases of undetectable fraud that have been going on, leading to bank’s failure to balance money transactions of what is deposited and withdrawn from the machines.
A breakthrough however has been made in the Indian city of Chennai. Police who have investigated the cases have zeroed down to ATM machines manufactured by Japanese company Hitachi.
After multiple complaints that ATMs of State Bank of India were robbed but there were no traces of robbery since the tellers showed no signs of tampering and no robbery alerts were raised, it left bank officials and the police confused.
Following the investigation, the city police found that the common factor was cash deposit machines manufactured by the Japanese firm.
The report published by India Today says that police discovered that robbers identified a glitch in the cash deposit machines by Hitachi whereby once one entered the PIN and the machine releases the money, it has to be taken by the customer within a certain period of time, say 20 seconds. If not, the money goes back into the machine.
“The robbers allegedly used a technique to stop the sensor while withdrawing money by holding the cash in hand and removing it after the given period of time, for example, 20 seconds. The machine, thus, registers that no cash was removed.” The Indian paper wrote this week.
This would not be the case if ATM technology is up-to-date.
The Indian breakthrough will save millions of shillings in thefts which have been puzzling Ugandan banks since at least three banks in the country use Hitachi-made ATMs, with the latest being Postbank.
There have been increased cases of ATM thefts, and some have been recorded, but many go unnoticed.
In 2010, according to police reports, they reported an increasing number of Ugandans who mysteriously lost money electronically through their ATM cards.
In just three weeks, the police, recorded over 200 cases of ATM fraud.
In February 24, 2018, Police in Kampala announced that it had arrested Denis Etunu, then 38 years old who was said to be a habitual fraudster who stole money from several ATMs from the Centenary Bank, Kyaliwajala branch in Wakiso.
In 2019, Police in Mukono arrested Robert Musinguzi, a resident of Fort Portal for stealing from various ATMs in Mukono Municipality.
At the time of his arrest at the Bugerere junction in Mukono Municipality, Musinguzi was found with several ATM cards which he used to lure several of bank clients pretending to be helping them get money from ATM machines.
Musinguzi was later released from Police custody without trial and his whereabouts remain unclear to date.
In Bulenga, Wakiso District, Ronald Ampurira was in January 2020 nabbed red-handed at an ATM machine along Kampala-Mityana highway after swapping an ATM Card belonging to one Mulumba. He had just withdrawn up to Shs240,000 and had 25 other ATM cards.
The threats of fraud and theft at ATMs across the country according to experts, stem from the poor technology being used by the different banking institutions in the country.
ATM fraud forms the largest part of cybersecurity threat cases registered by the Uganda Police Force annually. The Uganda Cyber Security Report 2019/2020 indicates that up to 248 cases of cybersecurity cases were registered.
Predominantly it was found that ATM Cash recyclers manufactured by a company called Hitachi seemed to be most susceptible to these attacks. Several IT experts from the different banking institutions who asked not to be named indicated that Hitachi has not been adjusted to modern money and cybersecurity technology, being the reason for continuous fraud being committed on the ATMs.
“The Hitachi ATM machines are cheap and unreliable. Even after you get assurances, you realize another case where a person has been defrauded,” one of the sources who preferred anonymity said.
According to the Hitachi website, the technology used at ATM Cash Recyclers uses a cash module sensor in the cash recycling system, which incidentally is said to be the easiest to tamper with.
For instance, one can simply put the finger to mask the sensor while drawing the money and fill dummy paper instead of real cash into a tray, the user then walks away with the real cash, and the dummy paper gets retracted posing threats to clients using ATMs.
“Good ATM Cash Recycler machines do not expose their currency notes sensors to the public. It is always hidden behind the approach of any client,” Mr. Richard Bisula, an IT expert in one of the leading financial institutions says.
The exposure of currency note sensors by the Hitachi ATM Cash Recyclers makes clients susceptible to threats in cybersecurity thus leading to theft from both within banks and by goons who wait outside the ATMs in the garb of helping several unsuspecting clients.