ATM Fraud: Four Steps Your Credit Union can Take to Minimize its Impact

by Barney Moore

The migration to EMV, sparked by the liability shift instituted by Visa and MasterCard, was primarily about upgrading terminals at the point-of-sale (POS), as well as re-issuing credit and debit cards to combat counterfeit cards being used to make purchases at brick and mortar stores. It was widely expected that fraudsters would not go away and that fraud would materialize in other forms; primarily online or card-not-present fraud.  But leave it up to the fraudsters to stay one step ahead of the good guys with an increase in fraud at ATMs.

ATMs, being always connected to an authorization network, and requiring PIN for any transaction, has historically been an environment where fraud was rarely seen. As fraudsters become more sophisticated, and chip card usage at the POS is growing, skimming mag stripes together with capturing the PIN entry using a tiny camera, has led to an alarming increase in ATM fraud rates. The number of ATMs in the US compromised by criminals rose 546 percent in 2015 over 2014. And whereas skimming previously was predominant at 3rd-party-owned ATMs such as those found in 7-Elevens (in 2014 3rd-party ATMs were 10 times more likely to have a skimmer than a bank-owned ATM), overwhelmingly, bank-owned ATMs have become the most popular location for a criminal to set up a card skim operation because it affords the ultimate opportunity to capture a member’s card account and PIN number.

At the same time, fraudsters are becoming more elusive. According to FICO, fraudsters today favor rapid deployment and removal of skimming equipment resulting in a micro burst of fraudulent activity. By doing this, they capture a steady but smaller stream of mag stripe cards which are then sold in the black market. This plan of attack has been quite successful for fraudsters.

However, credit unions are finding ways to fight back. For example, Trailhead Credit Union of Portland, Oregon currently posts this banner at the top of their home page:

“ALERT: Until further notice, we have turned off ATM capabilities at all 7-11 ATMs due to recent fraudulent activity. Please use our ATM locator for other locations. We are sorry for the inconvenience.”

And if all this sounds gloom and doom, there is one bright spot—this is a problem that will solve itself eventually. As the U.S. chip card penetration and chip card-enabled POS terminal adoption increases, the stolen mag stripe becomes less useful. More importantly, there is strong incentive for both 3rd-party and bank-owned ATMs to be upgraded to be chip-enabled. Similar to the liability shift back in October 2015 for counterfeit fraud at POS terminals, MasterCard is effecting a liability shift for ATM terminals that are not chip-enabled, beginning October 2016. While Visa’s liability shift doesn’t take place until October 2017, it makes sense for the ATM owner to make the upgrade once, in time for the liability shift for both brands.

Click here to continue and see the four steps you can take to minimize the impact of ATM fraud.

Barney Moore is the Director of Portfolio Consulting Services with CSCU.

Strategic Link is the NWCUA’s wholly-owned service corporation, using the power of collective action to provide the Association’s member credit unions with exclusive, high-quality, competitively-priced products and discounted services. Try our new CU Match Up tool to find the right partner for your credit union’s business needs. Contact Director of Strategic Partnerships Craig Reed at today to find out how Strategic Link can help your credit union save money while meeting its goals in 2016 and beyond.


Posted in NWCUA.