How safe is your ATM?


It isn’t, if you consider the many ways it can be used to rob you of your cash. We list some common traps and ways to avoid them.

Aarti Sehgal, 25

Assistant Manager, Real estate company

Sehgal wanted to withdraw Rs 15,000 from her ATM, but the machine produced only Rs 13,500. She lodged a complaint with the bank, but as it was a tech fraud, the bank has refused to accept responsibility.

Aarti Sehgal took the cash from the ATM and automatically counted it. Then she counted the notes again. And again. She had punched in Rs 15,000, but the machine disgorged only Rs 13,500. If Sehgal had not checked—and many of us don’t—she would never have known about the fraud, blaming it instead on her fickle budgeting.

Sehgal’s case isn’t uncommon. “The first case of ATM fraud in India was detected in 2003,” says Mayur Joshi, CEO, IndiaForensic, an organisation for fraud examination and forensic accounting. “Since then, frauds have surged by 28%. After Internet banking and credit cards, ATMs are fast emerging as soft targets for fraudsters, who are evolving new techniques to dupe customers,” he adds. The 28% figure seems more alarming when you consider there were 32,342 ATMs across India till December 2007.

Besides getting less money from the ATM, how else can you be cheated? There are two types of frauds: at the counter and outside the counter. Take a look at some of the typical across-the-counter frauds:

Every bank is connected to its ATM via a server, and digital signatures are regularly sent to the server for authentication. Those with tech skills can interrupt these signals and reproduce them later. “This involves at least two people. One reproduces signals from behind the machine and the other withdraws the money,” says Joshi.
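An added example, not taken from the article or from any bank's system: a server-side check that refuses a captured message when it is sent again. It uses an HMAC with a shared key in place of the digital signature the article mentions; the message fields, key, ATM id and 30-second window are constructed assumptions.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # constructed shared secret, not a real key
MAX_SKEW = 30                   # seconds a message stays acceptable (assumption)


def sign(msg: dict, key: bytes = KEY) -> dict:
    """ATM side: attach a MAC computed over the canonical message body."""
    body = json.dumps(msg, sort_keys=True).encode()
    return {"body": msg, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


class Server:
    """Bank side: verify the MAC, then reject stale or already-seen messages."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while within MAX_SKEW

    def accept(self, packet: dict, now: int) -> str:
        body = json.dumps(packet["body"], sort_keys=True).encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, packet["mac"]):
            return "reject: bad mac"
        ts, nonce = packet["body"]["ts"], packet["body"]["nonce"]
        if abs(now - ts) > MAX_SKEW:
            return "reject: stale"
        # Forget nonces outside the window; a resend that old fails the ts check.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "reject: replay"
        self.seen[nonce] = ts
        return "accept"


def demo() -> list:
    server = Server()
    captured = sign({"atm": "ATM-TEST-01", "op": "dispense", "amount": 15000,
                     "nonce": "a1b2c3", "ts": 1000})  # constructed sample message
    altered = dict(captured, body=dict(captured["body"], amount=99999))
    return [
        server.accept(captured, now=1005),  # original message
        server.accept(altered, now=1006),   # amount changed, MAC no longer matches
        server.accept(captured, now=1010),  # same bytes resent inside the window
        server.accept(captured, now=5000),  # same bytes resent much later
    ]
```

The nonce check covers a resend inside the freshness window and the timestamp check covers everything older, so the server only has to remember nonces for `MAX_SKEW` seconds.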

This is employed by non-techies. They place a thin plastic sheet inside the slot, blocking cash movement, or set up an additional slot over the genuine one. Either way, when you ask for cash, the transaction is complete but the cash doesn’t come out, either partially or fully. The fraudster waits till you leave the ATM cabin looking for help and then moves in to take the money.

Here the thief tampers with the card reader by affixing to it a magnetic tape along with a small hook. When the customer inserts the card, it gets stuck. The fraudster then offers help and asks the customer to re-enter the PIN. When the card still doesn’t come out, the customer generally goes out looking for help. The fraudster retrieves the card by removing the tape and the hook. With the card and PIN, he can easily siphon off money.

In this case, a fake card reader is fitted inside the machine. The reader gets all the information stored in the card and sends it to the fraudsters’ laptop through remote wireless technology. “This fraud has to be supported by phishing or spamming for getting the PIN number,” says Joshi.


Be alert: Don’t use the ATM if there’s someone close by, even if it’s the security guard. Always have the card ready before entering the counter. If your card is stuck in the machine, don’t ask anyone for help. Immediately report it to the bank using the phone in the cabin.

Be aware of attachments: Look for suspicious attachments or unnatural protrusions to avoid frauds through wireless tapping, skimming, or fake card reading.

Don’t disclose PIN number: Do not part with your PIN number and change it monthly or quarterly.

E-mails: Do not share your account information even if you receive an e-mail. If your account has been tampered with, inform the bank.

Banks do not take any responsibility for technological frauds as there is no evidence to substantiate them.

— Mayur Joshi, CEO, IndiaForensic

A small spycam is fitted close to the machine, and it captures the card number and PIN. This information is used to make a duplicate card and swindle.

This usually happens when there are queues at ATMs. All that a conman has to do is stand close to a customer and read the information as it is being entered. The card is then either stolen or a duplicate made.

This type of fraud hasn’t reached India yet, but with third-party ATMs on their way, it’s a red flag. “Anyone with technological know-how can install such a machine. When a customer inserts the card and enters the PIN, the cash doesn’t come out. The software, however, takes the data, including the PIN number, which is used to make a duplicate card,” says Joshi.

Besides these, “there are off-the-counter frauds like spamming and phishing, where the information is stolen through e-mails, Web pages, voice calls or social engineering techniques,” says Gurpreet Singh, IT lawyer, Amarjeet and Associates.

So how can you protect the card information and the money? The good news is that new technology is being devised to reduce the number of such incidents. Says Sanjeev Patel, Executive VP & Head, Direct Banking Channels, HDFC Bank: “We have deployed ‘Jitters’ in all our ATMs, which make it difficult for a fraudster to copy the card details and replicate them.”

Smart cards are also being used to help prevent skimming. According to Pradeep Sen, MD, NCR Corporation, India, “Our smart-card solutions adhere to the new mandates set by MasterCard and Visa.”

Other technologies include smart-card authentication, biometric authentication and contactless card. But, according to anti-fraud experts, banks should also focus on enhancing physical security. “Fraudsters adapt to new technologies, so physical security is essential,” says Joshi.

Also, remember that the “banks do not take responsibility for technological frauds as there is no evidence”, adds Joshi. “We do not compensate the customer if the card number and PIN have been compromised by him,” says Patel.

So, does the law step in? Sadly, no. Praveen Dayal, cyber law specialist, says, “The IT Act 2000 does not have specific provisions regarding ATM fraud and the IPC can’t be relied upon. We need a better law.” Till that happens, be more careful while using your ATM card.