IF YOU were one of 40 people who used a cash machine in Nenagh, Co Tipperary, one Saturday morning earlier this month your pocket might feel a lot lighter today.
The Bank of Ireland ATM in Market Cross was fitted with a rogue cloning or “skimming” device and copied the details of 40 cards inserted during a 37-minute period on October 13.
Without knowing it, people who queued up between 11.55am and 12.32pm that day to get cash out inadvertently gave their bank details — and personal identification numbers (PINs) — to highly trained fraudsters.
Armed with the details of the accounts, the cheats set about manufacturing cloned cards to use in shops, ATMs and online stores across Ireland — and so far 12 customers have had money siphoned from their accounts.
The bank’s spokeswoman, Mary Brennan, said: “We don’t know how many people have been affected overall as not all are Bank of Ireland customers but we’ve traced all ours who used the cash machine at the time.
“As customers of other banks like AIB and Ulster Bank can use our network and it takes time for us to be notified, we can’t say definitively how many people have been affected at the moment.”
Unless the other 28 customers have checked their balance, it is likely they are unaware their accounts are being emptied.
Earlier this month the same happened in Cork when skimming devices were fitted to two ATMs in St Patrick Street early one Saturday morning. One customer had €3,000 withdrawn from his account.
In the first three months of this year fraudsters made €4 million from “card tricks” like skimming, intercepting bankcards in the post, and stealing the identity of consumers to get credit cards.
Yet consumers could be forgiven for thinking card fraud was a ghost of the past, given the deployment of “chip and PIN” technology to install microchips onto cards and force consumers to key in a secret PIN for every transaction.
At a banking conference held recently in Cork and Dublin, delegates heard how fraudsters were still carrying on business as usual.
“Chip and PIN has worked and has clearly reduced the fraud it was intended to, which was in counterfeit, lost and stolen cards. Unfortunately, these criminals have moved onto other areas,” said industry official Úna Dillon.
One fraud providing lucrative returns is skimming, whereby crooks get bank details off the magnetic strips off genuine bankcards and then empty bank accounts or buy goods on credit cards.
The way skimming works is simple enough — and works because educated criminals — chiefly from Bulgaria, Russia and Nigeria — are exploiting holes in Ireland’s banking and retail industries.
Loopholes exist because certain retailers won’t install chip-and-PIN security technology, while online and mail-order retailers are unable to ask for the customer’s PIN for every transaction, meaning fraudulent transactions stand a greater chance of being approved.
The way banking works abroad also means fraudsters here can get a “bonus” every time they skim the card of a foreign visitor.
Countries such as the US have yet to place microchips on the front of all credit and debit cards — so ATMs in Ireland cannot easily tell if a card is fake.
As most US cards have only a magnetic strip that can be easily cloned, cash machines will pay out — and transactions can go through a shop till — unless the computer at the customer’s bank on the other side of the world notices a fraud.
So if the customer’s bank finds nothing wrong with, say, a withdrawal of €200 or a €250 shop purchase — the transaction will go ahead.
By contrast, almost all the four million cards issued by Irish banks use chip-and- PIN so ATMs can recognise when fakes are used as counterfeits do not have microchips.
However fraudsters still get round chip-and-PIN safeguards by using fake cards when targeting internet retailers and mail order firms, neither of which ask for PINs or can swipe cards.
Tackling the fraud is proving a harder job, even with technology and the help of the forces of law.
In 1996 the amount fraudsters made in Ireland was about €2m, yet last year the figure came in at €12.5m, a sixfold rise in a decade in the wrong direction.
Ireland’s card-issuing banks are looking at installing a virtual chip-and-PIN system for internet transactions while the use of fingerprint scans is also being considered — before the next wave of fraud arrives.
“In Ireland we are in the far west of Europe and see the fraud trends arriving a lot later,” said Ms Dillon
“We aim to keep one step ahead but it is quite difficult as the criminals keep on going too.”
How card-skimmers get your bank details:
* They attach false fronts onto ATMs and inside these are devices that can read the magnetic strip on your credit or debit card as you take out cash.
* They also watch you key in your PIN — by a camera installed on the ATM, by a false numeric keypad or by simply looking over your shoulder.
* They then “write” the information onto a fake card with a magnetic strip and then head for shops which have yet to install chip-and-pin terminals, knowing the cards will most likely be accepted.
* Alternatively, they target online retailers or mail-order companies and buy high-value electrical goods, confident that the merchandise will arrive before the consumer spots the fraud and cancels his card.