CUNA Mutual Group Risk Alert: PINs Caught On Camera at Drive-Up ATMs

ATM skimmers or shimmers alone don’t capture PINs. For that, fraudsters often rely on tiny hidden camera overlays. Unfortunately, ATM tampering continues to plague credit unions and members. Recent reports show that fraudsters have cleverly focused on drive-up ATMs since people are less likely to cover the keypad as they enter their PIN.

Fraudsters typically focus on the path of least resistance to capture card information. Recent reports suggest their focus has turned to drive-up ATMs as fraudsters realize that people are lazier or find it more difficult to conceal entering their PIN at these machines.

There are many ways to install hidden cameras – usually concealed somewhere on the front of the ATM. Frequently, fraudsters skillfully conceal the insert skimmers into the card slot and pair it with a hidden camera covering the security camera which is angled towards the keypad or they may use one that is disguised as a PIN pad privacy cover. They also use an all-in-one type of skimmer that covers the entire mouth of the card reader slot.

Stand-alone ATMs at stores and in parking lots are the most enticing targets for the thieves, as are drive-up ATMs where users find it more difficult to cover your PIN as you type it in. Fraudsters realize that people will be either lazy or just find it too difficult to attempt to conceal entering their PIN with the other hand which allows the hidden cameras to capture the PIN.

Unfortunately, cameras aren't the only tools at the ATM skimmer's disposal -- fake keypads can be used to record PIN inputs, too.

Nevertheless, simply covering your PIN with your other hand or some object such as a wallet is the best way to combat having your PIN compromised. Education of your members is key to preventing this type of fraud.

For credit union ATMs, you should have a thorough and routine ATM inspection process. The inspections should be documented, including photographs, to help identify suspicious tampering and/or devices.

Risk Mitigation
Credit unions should consider these mitigation tips:

  • Consider implementing card-free ATMs such as contactless tap and go transactions.
  • Conduct regular, daily inspections of your ATMs, if possible. Use an ATM inspection checklist as a starting point to ensure consistency of the inspection. Potential indicators of tampering can include: Sticky residue or evidence of an adhesive to affix the device; Scratches; Damaged or crooked pieces; Loose or extra attachments on the card slot; Noticeable resistance when pressing the keypad, card reader, or around the camera area.
  • Educate members to cover the pin entry pad when entering your PIN – including at stand-alone or drive-up ATMs. Use your other hand to shield the ATM keyboard.
  • Alert members to report anything suspicious to the credit union. If anything is determined to be suspicious, shut down the ATM.
  • Work with ATM vendor for solutions regarding the identification of any foreign devices.
  • Develop rules specific to fallback transactions by working with your processor. Consider blocking all fallback transactions at ATMs.
  • Look at patterns of PIN-based fraud. This can be a sign that your members’ PINs are being captured and fraudulently used.
  • Ensure your ATMs are EMV-enabled and reading the chip.
  • Educate your staff and members on these fraudulent schemes and tampering.

Risk Prevention Resources
Access CUNA Mutual Group’s Protection Resource Center at cunamutual.com for exclusive risk and compliance resources to assist with your loss control. The Protection Resource Center requires a User ID and password.