How Con Artists Withdraw Money From Stolen ATM Cards

A client using an ATM.
A file photo of a client using an ATM.
Photo
Money Box

A con artist working with Nairobi's notorious Automated Teller Machine (ATM) card fraud syndicate has revealed how money is stolen from debit and credit cards.

Speaking anonymously to Raquel Muigai of Africa Uncensored, the member detailed the process by which the cards are obtained and cash siphoned without.

The artist disclosed that a well-coordinated crew is deployed to source the ATM cards. The men and women targeted a specific calibre of people with revellers in nightclubs being the main targets.

A sillhoute of a hacker using a computer.jpg
A silhouette of a hacker using a computer on March 13, 2018.
Photo
CSO AMERICA

"They get the cards from clubs, and sometimes, one did not need to bring back a physical copy. An image of both sides of the card was enough," the informant stated.

Furthermore, the fraud member revealed a leader of the syndicate, had connections with employees in commercial banks who would also supply him with information on their clients' cards.

The leader was among the four whose bodies were found mutilated and dumped in the Lari forest in June.

Among the details obtained include the card holder's name, card number expiration date and the three-digit code at the back of the card- the Card Verification Value (CVV).

"We create accounts on online cash transfer platforms and link them to the cards using the information we got.

"Money of whatever quantity is then transferred to the online accounts, then withdrawn through mobile money transfer to sim card numbers used to register the fake accounts," the fraudster explained.

Cyber security expert Dr Bright Gameli stated that stolen cards can further be used to purchase products and services online. However, he explained that fraudsters have evolved and no longer steal dater but lure victims into giving it freely.

This is done by creating replicas of reputable institutions or businesses with proxy government sites attracting the highest number of unsuspecting victims.

"One of the easiest ways people are getting compromised is social engineering - the hacking of the human brain. Hackers ask victims questions or device ways to lure targets to reveal information they would normally not tell anybody," Gameli explained.

He noted that securing data on an individual basis boils down to securing one's phone number, limiting information shared on social media and securing e-mail accounts. Gameli emphasised that mails should particularly have very strong passwords.

"The email is the basis of security because all data or information stored online is tied to it. We also need to be cautious about conversations we have around people because that is how people get details about you," Gameli noted.

In addition, he noted that banks can also put in systems that will automatically detect fraud and deactivate cards immediately, without having to wait for clients to report stolen cards.

"A few banks have systems in place to detect such fraudulent transactions such as simultaneous multiple withdrawals and may shut down the card,"

Cyber Security expert Bright Gameli
Cyber Security expert Bright Gameli
File
  • . . . . .