Card fraud

In an attempt to prevent criminals from shoulder surfing the customer's Personal Identification Number (PIN), some banks draw privacy areas on the floor. For a low-tech form of fraud, the easiest is to simply steal a customer's card along with its PIN. A later variant of this approach is to trap the card inside of the ATM's card reader with a device often referred to as a Lebanese loop. When the customer gets frustrated by not getting the card back and walks away from the machine, the criminal is able to remove the card and withdraw cash from the customer's account, using the card and its PIN. This type of ATM fraud has spread globally. Although somewhat replaced in terms of volume by ATM skimming incidents, a re-emergence of card trapping has been noticed in regions such as Europe where EMV Chip and PIN cards have increased in circulation.[89] Another simple form of fraud involves attempting to get the customer's bank to issue a new card and its PIN and stealing them from their mail.[90] By contrast, a newer high-tech method of operating sometimes called card skimming or card cloning involves the installation of a magnetic card reader over the real ATM's card slot and the use of a wireless surveillance camera or a modified digital camera or a false PIN keypad to observe the user's PIN. Card data is then cloned into a duplicate card and the criminal attempts a standard cash withdrawal. The availability of low-cost commodity wireless cameras, keypads, ca d readers, and card writers has made it a relatively simple form of fraud, with comparatively low risk to the fraudsters.[91] In an attempt to stop these practices, countermeasures against card cloning have been developed by the banking industry, in particular by the use of smart cards which cannot easily be copied or spoofed by unauthenticated devices, and by attempting to make the outside of their ATMs tamper evident. Older chip-card security systems include the French Carte Bleue, Visa Cash, Mondex, Blue from American Express[92] and EMV '96 or EMV 3.11. The most actively developed form of smart card security in the industry today is known as EMV 2000 or EMV 4.x. EMV is widely used in the UK (Chip and PIN) and other parts of Europe, but when it is not available in a specific area, ATMs must fallback to using the easy–to–copy magnetic stripe to perform transactions. This fallback behaviour can be exploited.[93] However the fallback option has been removed on the ATMs of a couple of UK banks, meaning if the chip is not read, the transaction will be declined. Card cloning and skimming can be detected by the implementation of magnetic card reader heads and firmware that can read a signature embedded in all magnetic stripes during the card production process. This signature known as a "MagnePrint" or "BluPrint" can be used in conjunction with common two factor authentication schemes utilised in ATM, debit/retail point-of-sale and prepaid card applications.