4 Charged with $1.5M ATM Skimming

Brazen Crimes Targeted ATMs in Bank Lobbies
4 Charged with $1.5M ATM Skimming
Federal authorities have indicted four men for their alleged involvement in a $1.5 million ATM skimming scheme that targeted Citibank and JPMorgan Chase bank branches in New York, Chicago and Miami.

The United States Attorney for the Southern District of New York and the Special Agent-in-Charge of the New York Field Office of the Secret Service brought charges against Mihail Draghici, Ionel Dedulescu, Did Theodor Ciulei and Laurentiu Mugurel Manta for the scheme, which authorities believe led to the withdrawal of more than $1.5 million from multiple accounts maintained at Citibank and Chase between March 2010 and May 2011.

Ciulei, of Austria, and Manta, of Romania, were arrested May 29 in Chicago and are being transferred to New York; Draghici and Dedulescu, both of Romania, were arrested Dec. 2 at Miami International Airport, while attempting to board an international flight, and await trial in New York.

"Skimming is a devious form of high-tech robbery that threatens the integrity of our financial institutions and the privacy of banking customers," said Manhattan U.S. Attorney Preet Bharara in a statement about the indictment. "Today's Indictment deals a significant blow to one alleged skimming ring, and along with our partners at the Secret Service, we will continue to pursue and prosecute the perpetrators of these schemes."

All four suspects have been charged with conspiracy to commit bank fraud, conspiracy to commit access device fraud and aggravated identity theft, and could face more than 69 years in prison.

Modes of Attack

The indictment accuses the team of using different types of skimming technology. One method allegedly involved replacing PIN pads on branch lobby ATMs with manipulated devices that collected card details and PINs as customers entered them. Wireless technology also was allegedly used by the thieves to remotely retrieve the information. Another method is believed to have involved compromising card readers used for 24/7 access to ATM vestibules located outside the branches' main lobbies. Investigators say the fraudsters then used PIN pad overlays on the ATMs housed inside the vestibules to capture record PIN details.

While most bankers' focus their ATM skimming concerns on unattended ATMs, such as those located at islands or drive-up lanes, this scheme proves that even in-branch terminals can be compromised. Julie McNelley, a banking and payments fraud analyst at Aite Group, says the case further reinforces the notion that branch tellers and staff need better training when it comes to detecting skimming devices.

"I think this is another great example of the lengths to which criminals will go to perpetrate these schemes, and the amount of homework they do," McNelley says. "While it's common practice now for many branches to periodically perform a physical check of their ATM, to ensure that it has not been tampered with, few expect the PIN pads within the branch to be targeted. Knowing this, this gang seized the opportunity, betting correctly that they'd have an increased window of opportunity. This highlights the need for FIs to be variable in their fraud-mitigation efforts, to the extent possible, making it more difficult for criminals to predict likely countermeasures."

Fraudsters are always betting the odds, as a similar skimming scheme in 2010 at TD Canada Bank branches proved. Luckily, two bank customers discovered skimming devices affixed to the ATMs' fascia at separate branches in Calgary, Alberta. TD Financial Group spokeswoman Jacqueline Burns told BankInfoSecurity that customer and employee education played critical roles in thwarting the attacks. "We have been working really hard to educate our customers and employees," she said.

ATM Skimming: Still No. 1

Around $350,000 dollars is lost worldwide daily to incidents of ATM skimming, says ID theft expert Robert Siciliano. And most of those losses stem from attacks on ATMs. "Definitely, worldwide, more money is taken from ATMs," he says. "We're seeing more and more all-in-one systems, like skimmers with the pinhole camera all built into one. And we're seeing some systems with the keypad overlay built in. It's just getting easier and easier to do."

While skimming at the point of sale is growing, experts say the ATM remains the No. 1 target. Simply put, that's where the money is, says Chuck Somers, vice president of ATM Security and Systems for Diebold Inc., one of the world's top three ATM manufacturers. Somers says skimming losses at ATMs remain banking institutions' greatest ATM fraud concern. When compared with physical attacks, such as ram raids and break-ins, and logical security breaches, such as the injection of malware, skimming is the most common.

"The largest of the three, in terms of losses to institutions, is fraud," Somers says. "The fraud typically occurs via the attachment of external skimmers onto the machine with some sort of a PIN-recording device. ... There's a high ROI on this crime." [See 10 Tips to Improve ATM Security]

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.