“Spotlight” on ATM Skimming
About ATMs & EFTPOS
Automatic Teller Machines (ATMs) and Electronic Funds Transfer Point of Sale (EFTPOS) terminals are used around the world either to make currency available to customers or to let them transact/make purchases electronically with convenience. Not all ATMs are owned by Financial Institutions. Some are independently owned by the merchant, others are part of an independently owned network. Queenslanders Credit Union owns a number of ATMs. Each is badged to reflect its inclusion in the larger rediATM network.
Secure use of an ATM or EFTPOS terminal
Here are some prudent actions that you can take when using an ATM:
- Choose ATMs that are in well lit, public or highly populated areas;
- Remove the cash quickly and secure it out of public view as soon as practicable;
- Be sure to remove your card;
- Be attentive to your physical surrounds during and after an ATM transaction.
Here are some tips for both ATM and EFTPOS terminal use:
- Make sure that there are no people standing close to you, while you are conducting a transaction;
- Be aware of attempts to distract you; and
- Cover your PIN number with your hand or purse/wallet when entering it on the keypad.
What is Skimming?
Card Skimming is a method to fraudulently capture information contained in the magnetic stripe on the back of your ATM/EFTPOS card. It can occur at either an ATM or an EFTPOS terminal. An ATM skimming device used to capture this information is often smaller than a standard pack of cards and is fastened close to or over the top of the ATM’s factory-installed card reader.
It is generally used in conjunction with a pinhole camera device (either a mobile phone or other image capturing mechanism) that captures your PIN number when you type it into the keypad on the ATM. This can be located above the keypad (eg: at the top of the screen area) or beside the machine – any location that can surreptitiously view the PIN number being typed on the keypad.
In some cases, the keypad can also be compromised by keypad overlays – which record the keystrokes of your PIN. This is becoming more common in Australia at present.
When you are using an EFTPOS terminal:
- Make sure you can always see your card
- Cover your PIN
- Only swipe the card once
- Where possible and if it’s available, use chip technology
- Be aware of the amount of funds you have in your account
- Following an EFTPOS transaction check store receipts for any irregularities – i.e. the store name
Skimming in this form has often occurred in taxis and at restaurants – where you hand over your card to someone else to swipe. You need to ensure that you are able to perform the swipe yourself, or keep the card in sight at all times.
What to look for on your ATM
Ask yourself:
- Does the ATM look “normal” – are there any unusual additions, markings or changes in the regular appearance of the ATM?
- Are there any “marketing/pamphlet” holders placed around the ATM?
- Is there any evidence of tampering at the machine (eg: glue residue, exposed wires, double-sided tape remnants)?
What to do if you think your card has been skimmed?
If you believe your card has been skimmed, or if you have suspicions about an ATM or EFTPOS terminal due to its appearance or how the transaction was conducted, please contact:
Phone: 1800 753 377
Email: [email protected] or
Visit: your local Queenslanders branch
TAKE ACTION!
If you see any suspicious persons loitering around an ATM:
o Do not engage or confront the individuals;
o Move away from the ATM;
o Contact the police when it is safe to do so; and
o Check your account as soon as possible and notify your financial institution of any anomalies.
Remember: always cover your PIN entry with your hand, purse or wallet.
Fraud terms, tips & tid-bits
Click on the links below to learn more about common scams or go straight to the "Protect Yourself" section to find out the best ways to reduce the risk of becoming a victim of cyber-crime.
Phishing
‘Phishing’ is the latest form of online fraud. Most commonly, the term ‘phishing’ is given to any email that entices the recipient to hand over personal details that could be used to access their personal information or accounts. The emails usually appear to be sent from someone you recognise or trust.
IMPORTANT INFORMATION: Queenslanders will NEVER ask you for your security information via email. If you receive an email, purportedly from Queenslanders, asking for confirmation of your personal details, contact us by phone immediately.
A phishing email may contain links that redirect you to the fraudster’s fake website. These websites can look identical to the real (i.e. legitimate) website. These website copies are called “spoofed” websites, and often include identical logos, formatting and design elements.
Spoofed websites will prompt you to enter your account details, passwords and other identification – the “phisher” has then caught you! It may be weeks before you notice that anything is amiss with your accounts. You may then notice your account balance is lower than you thought, or your credit card statement has strange items charged to it. If this happens to you, notify us immediately.
IMPORTANT INFORMATION: Queenslanders will NEVER spontaneously email you a live link to any website.
Viruses
Viruses come in many different forms; however, they are all nasty programs that can infect your computer and cause chaos. Virtually all viruses and many ‘worms’ only spread once you open or run an infected program.
IMPORTANT INFORMATION: Never open any email attachments unless you were expecting them and you are aware of the file contents. If you are unsure about any file you receive either delete it or contact the sender to confirm the contents before you open it. Viruses can also be transmitted via software you download from the Internet, so make sure any software is legitimate and clean before you download it to your computer.
Email transmitted viruses
Copies of virus-laden emails are sent to everyone in your email address book. Recipients unwittingly infect themselves when they open email they think is safe because it comes from a familiar sender. The process then repeats.
Worms
Like a virus, a worm is designed to copy itself from one computer to another, but it does so automatically by taking control of features on the computer that can transport files or information. Once you have a worm in your system it can travel alone. Because worms don’t need to travel via a ‘host’ program or file, they can also tunnel into your system and allow somebody else to take control of your computer remotely. When new worms are unleashed, they spread very quickly and can clog networks.
Trojans
These are programs that appear to be useful, but instead compromise your security. Trojans cannot spread or reproduce by themselves but they can cause a lot of damage to their host computer. Trojans spread when people are lured into opening a program because they think it comes from a legitimate source.
Zombies
Once your computer has been turned into a ‘zombie’, it will spew out spam emails to hundreds and thousands of people. These emails can cost you a lot of money if you are on a broadband account which charges for uploads and downloads.
Spyware
This is unwanted software installed on your computer to gather information from your files without your knowledge. It usually enters your computer as a software virus or from the installation of disreputable programs. Unwanted software or spyware may make your computer behave strangely: you may see pop-up advertisements even if you aren’t browsing the Web, or your Web browser’s settings may have changed. Spyware may not cause damage to your machine, but will scan for personal and confidential information such as sensitive business information or your credit card details.
Spam
Electronic junk mail. More than just annoying, Spam often contains viruses and other nasty material. Spam can be hard to avoid, but installing anti-Spam software is a great start. Many email programs have built-in filters that can help you separate Spam from the email you really want, or you can contact your Internet Service Provider (ISP) and ask for their help.
Credit & Debit Card Fraud
A crime involving the unauthorised use of your credit or debit card details in order to access funds from your card account. Your card could be compromised if it is lost, stolen, or used for payment on unsecure or fraudulent websites, so it pays to be vigilant about how and where you use and store your cards. ‘Skimming’ is another way your card account can be violated – this is when the information contained on a card’s magnetic strip is illegally obtained – usually downloaded by criminals via the Internet – and encoded onto a counterfeit card. A skimmer device can be as small as a pager and can be worn on a person’s belt or situated beside a cash register (think of a tiny EFTPOS machine). One quick swipe is all that’s needed to copy your card’s details.
TAKE ACTION!
5 Quick Steps for protecting your accounts online:
1. Install virus protection and firewall software and update it regularly.
2. Don’t open email attachments from unknown sources.
3. Don’t install or run programs of unknown origin.
4. When not in use, turn off your computer or disconnect from the network.
5. Keep your operating system and all applications updated (known as “patching”).
(Source: Microsoft Corporation)
Protect yourself
Regular computer maintenance is essential to a clean computer. Click on the links below to read more about:
Backing up your files
Back-up your files on a regular basis to ensure important files and information aren’t lost in the event of a system corruption. The easiest way to do this is to burn your files to a CD using back-up software.
Patches
Make sure you update your operating system and software applications regularly. Software manufacturers attempt to fix problems with their products with small software programs called ‘patches’. These patches are generally free to download. If you’re running Windows, go to Microsoft’s website and click on “Windows Update”; this will tell you what patches you need to install. If you’re running Macintosh OSX, click on “software update” in the “systems preferences” panel. This will check for available updates.
Firewall software
If you’re connected to the Internet you need Firewall protection – this is especially so if you are a broadband customer. Firewall software is a valve that only lets desirable traffic get through and stops any unwanted or malicious connections. Make sure you read the manual and set your preferences appropriately.
Virus Protection
The best protection is anti-virus software that attempts to trap viruses before they get to your computer. The software scans all incoming information looking for patterns or definitions that match known viruses. Anti-virus software needs to be kept up-to-date. Make sure you regularly log onto the manufacturer’s website and download updates.
Spam Protection
Keeping Spam at bay is essential to block viruses and phishing scams. Reputable anti-Spam software will detect possible Spam and move it to a separate file for you to later review. You can also subscribe to a Spam-trapping service. These services act as a filter, removing dodgy email before it gets to your inbox. Ask your Internet Service Provider (ISP) if it offers any anti-Spam filters.
Don’t reply to or buy anything from Spam emails. Never contribute to a charity from Spam mail. Don’t forward chain email messages, as these may be hoaxes or even a virus delivery system. Plus you lose control over who sees your email address. Spammers also use chain letters to gather email addresses. To check on the legitimacy of a chain letter, visit the Hoaxbusters website hoaxbusters.ciac.org.
It is also important to hide your email address from Spammers. When you sign up for free offers, order something online, or enter a contest, many Spammers will access and use these address lists. Here are some tips to help hide your address:
1. Set up an email address dedicated solely to Web transactions. There are many free mail services available.
2. Only share your primary email address with people you know.
3. Disguise your email address – use a disguised address whenever you post to a newsgroup, chat room or bulletin board. For example: you could give your email address as [email protected] using “0” (zero) instead of “o”. A person can interpret your address, but the automated programs that Spammers use cannot.
4. Watch out for checked boxes – when you buy things online, companies sometimes pre-check boxes to indicate that it’s fine to sell or give your email address to third parties. Un-check these boxes if you don’t want the company to contact you.
5. Review privacy policies – when you sign up for web-based services, review the privacy policy closely before you reveal your email address. The privacy policy will outline the terms and circumstances regarding if or how the site will share your information.
Password Security
- NEVER tell anyone your passwords or PIN.
- NEVER give your passwords or PIN to anyone.
- Memorise your passwords or PIN.
- Don’t use the same PIN for all your cards.
- Change your passwords regularly, say, every few months.
- Don’t use something obvious as your password, e.g. your surname, birthdate, spouse’s name.
- Don’t keep your password recorded near your account details or cards. Don’t record your password in an obvious place such as your wallet or address book.
Verified by Visa
Verified by Visa is a service that lets you use a password and Personal Assurance Message (PAM) with your Queenslanders Credit Union Visa card. Your password is as easy to use as your PIN at an ATM – and it means you’re the only one who can use your Visa card to make purchases over the Internet from participating merchants. For added security, your PAM confirms that you are connected to a legitimate website, and that your card is being authenticated by your credit union.
Credit & Debit Card and Identity Protection
- Protect your passwords and PIN using the rules above.
- Never respond to requests for personal information via email. If in doubt, call the institution that claims to have sent you the email.
- Visit websites by typing the URL into your address bar – never follow the links to a website from an email message.
- Check your statements and call us immediately if you see anything suspicious on your statement.
- Don’t let your card out of your sight at any time – when paying your bill at a restaurant, follow your card and keep it in your sight.
- Watch the cashier as they process your payment to ensure they don’t swipe it through any device other than the EFTPOS machine.
- Card Skimming doesn’t only occur in Australia – be equally careful overseas.
- Always sign your card as soon as you receive it.
- Make sure your mailbox is secure or lockable.
- Tear up all credit card receipts and pre-approved credit card offers into small pieces before you throw them away. Keep your billing statements in a safe place.
- When using your card online, make sure you are using a secure website or have registered for Verified by Visa.
- If possible, don’t enter sensitive information while using a public computer at a library or Internet café. Make sure you log out of websites instead of just closing the browser window or typing in another URL. Don’t leave the computer unattended with sensitive information on the screen. Delete the temporary files and your Internet cookies.