“The first line of defence against ATM crime is increasing awareness of the risks so that users can take simple precautions such as shielding their PIN when entering it and by keeping alert to any signs of tampering or suspicious activity at an ATM”, said Andrea Pirotti, executive director at ENISA.
“Information security has, for too long, been focusing on technical solutions to maximise protection”, he added. “Most ATM crime is focused on exploiting the human element and card holders must be more aware of the risks they are exposed to and how to prevent fraud occurring.”
Criminals often steal PINs through techniques ranging from shoulder surfing to complex skimming, which could involve a small spy camera, a false PIN overlay and even fake ATMs. Increasingly, Blue Tooth wireless is also used to transmit card and PIN details to a nearby laptop computer. Skimming incidents against European ATMs reached 10 302 in 2008.
Other methods used in ATM fraud include trapping and then retrieving cards, stopping withdrawals mid-transactions for then to complete them when the ATM fraud victim has left, or even trapping cash in the machine. ENISA added that organised criminal gangs also use sophisticated phishing techniques and hacking into bank computer systems and websites to obtain PIN and account information.
The number of ATMs in Europe increased 6% in 2008 to almost 400 000, and 72% of these are located in the UK, Spain, Germany, France and Italy.
Download the full ENISA report, ATM Crime: Overview of the European Situation and Gold Rules on How to Avoid It, here (PDF).