Last week, Delhi police found that Rs 19 lakh had been fraudulently withdrawn from 87 accounts in three ATMs in the space of seven days. This was done by skimming, a procedure in which criminals clone ATM cards with stolen data. There have been precedents in the country.
A skimmer is a device designed to look like and replace the card insertion slot at an ATM. The skimmers, which cannot be usually spotted by an untrained eye, have circuitry that read and store the data on the magnetic strip of an ATM card even as the ATM processes the same data.
Typically, fraudsters also install pinhole cameras in inconspicuous places like the top of the cash dispenser, the deposit slot or just above the keyboard. This steals the PIN for the card. In some cases, criminals have also used a fraudulent PIN pad fitted with a skimming device and placed atop the original pin pad.
Days after installation, criminals recover the skimming machines and cameras and collect the stolen data, and decode the PIN for a card. In one case, in Thiruvananthapuram, data were collected remotely in wireless mode from the skimmer and camera, police said. Using stolen data, the criminals clone ATM cards and use these in different cities; at other times, they transfer the data to associates, or sell the data to other gangs.
In September 2017, an alert cash loading agent found illegal devices attached to a Kotak Mahindra Bank ATM in Bengaluru. Police ordered bank authorities across Bengaluru to check for similar devices at other ATMs. The police found a similar skimmer and mini-camera installed at a Kotak Mahindra ATM at the Bengaluru international airport. CCTV footage revealed that the same persons had installed the skimmer and camera at the two kiosks, 40 km apart.
The Karnataka CID laid a trap at the two ATMs. Romanian national Dan Sabin Christian, 40, and Hungarian national Mare Janos, 44, who had arrived in India for the first time on a tourist visa on September 1, 2017 and were due to leave on September 19, were arrested when they entered one of the ATMs to retrieve a skimmer and camera they had installed.
The two were earlier caught in Jamaica for a similar offence, CID officials said. During interrogation, they claimed they were working for a UK-based operator of a gang involved in stealing ATM card data while travelling in foreign countries. Last year, Christian and Janos jumped bail in Bengaluru and disappeared without facing trial.
The modus operandi of the two men matched that used by gangs that had been involved in data theft at ATMs in Thiruvananthapuram in 2016, and in Hyderabad and Mumbai in December 2017.
In the Thiruvananthapuram case, one of the suspects, Gabriel Marian, 27, was arrested in Mumbai. Investigations showed skimmers and cameras were planted at ATMs in Thiruvananthapuram, data were collected in wireless mode at a nearby hotel, and cards were cloned; these were later swiped in other parts of India where the gang travelled on their travel visas.
In the Hyderabad case, four Romanian nationals were found involved — Vasile Gabriel Razvan, Buricea Alexandru Mihai, Ticu Bogdan Costinel and Pucia Eugn Marian. They came to India in December 2017 and targeted Mumbai and Hyderabad. After installing skimmers and miniature cameras at various ATMs without guards, they cloned over 500 debit cards and withdrew Rs 35 lakh, including Rs 1 lakh from one account of a Hyderabad resident.
The gang allegedly utilised the services of another gang, of Nigerian nationals, to covert the money into euros and transfer it to Romania through Western Union. The Cyberabad Police identified the gang through CCTV cameras. Vasile and Buricea were arrested from Mumbai with Rs 35 lakh cash, and skimmers, miniature cameras, and hundreds of cloned cards. Ticu and Puica escaped.
Last month, the detective department of the Kolkata police arrested three Romanian nationals for installing skimmers and cameras at two ATMs.
“These types of cases are being reported from even small towns. There are even Indian gangs involved. With most ATMs being unguarded these days and with cash loaders being rarely observant regarding illegal attachments to ATMs these cases seem to be on the rise,’’ said M D Sharath, Deputy SP (Cyber Crime) at the Karnataka CID.
In the Delhi case, local criminals are suspected. Among Indian gangs found involved, a majority seem to either buy data on the dark web and clone cards, while some steal data themselves by installing tiny skimmers on card swipe machines at commercial establishments.
One key Indian operator whose name has cropped up in cases in Jaipur, Chennai, Hyderabad Mumbai and Bengaluru, and who has been arrested several times but has moved to a new city after every arrest, is known in police records as Manoj Kumar alias Rajesh Sharma alias Akshay Kumar. His alleged modus operandi is to purchase stolen credit card data online from suppliers abroad, clone cards and use these in machines obtained under the name of fake businesses, or at external business establishments. Kumar was also involved in stealing ATM card data through skimmers installed on card swipe machines at places like a unisex beauty saloon run by him, police said.
In 2016, the cyber crime police in Bengaluru seized nearly Rs 2 crore parked in various bank accounts by Kumar. Police found that at the time, he had assets worth more than Rs 20 crore.
Can it be prevented?
Prevetion of skimming is possible with the alertness of people who load cash in ATMs and bank officials who can spot any illegal devices planted in ATMs; posting guards at ATMs; installing machines that do not facilitate installation of cameras and skimmers; and use of new high-security bank cards that have facilities against theft of data through skimming.
Inputs from Sreenivas Janyala in Hyderabad & Anand Mohan J in New Delhi