TBT: From bezels to bombs: ATM fraud runs the gamut

A recent news item catalyzed this week’s Throwback Thursday selection (originally posted in January). Six days ago, reported Associated Press, three men entered a Philadelphia restaurant and, after ordering, blew up an ATM located there. The explosion “… damaged the ATM and the window and knocked items off shelves behind the counter.” Unable to remove the cash box, the hapless thieves fled.

Some thieves take on smart ATMs with high tech gadgetry. Others, you could say, have a shorter fuse.

The United States Department of Justice recently sent notifications to 2,000 residents in my home state of Utah. Recipients are presumed victims of one Alexandru Cosmin Licsor, freshly extradited from Romania. The purpose of the letter was to inform them of Licsor’s Salt Lake City trial, which begins one week from today. According to KSL.com:

Authorities said 37-year-old Alexandru Cosmin Licsor would install skimmers and cameras at ATMs along the Wasatch front then wait for customers to make withdrawals before cashing in on their hard-earned money … 

“It reads the data on the bank cards and they get the pins from persons that enter their PIN. They usually have a camera and that’s how they were able to get the data and they just duplicate it,” said FBI special agent Dave Fitzgibbons … 

According to the indictment, Licsor attempted to withdraw $512,960.13 and succeeded in withdrawing $189,740.30 from ATMs belonging to other banks and as far as New Mexico … The FBI suspects Licsor is part of a larger criminal organization operating in the Netherlands, Italy, Romania and Mexico.

“ATM fraud,” said one Utah resident who prefers I omit his name, “that’s still a thing?”

Yes, Virginia, ATM fraud is still very much a thing, and it doesn’t look like it’s going away anytime soon. Fraudsters develop and install myriad high tech hacks on ATMs. A new PYMNTS.com article reports that David Phister, systems security product management director for Diebold Nixdorf, said that … 

… ATM skimming and jackpotting—where malicious code or hardware is installed at the machine to coax cash to be spit out on demand—remain among the most significant security concerns into the holiday season.

… Phister told PYMNTS that consumers should be especially vigilant about inspecting machines for “false bezels,” which are typically fixed over the card reader or other parts of the ATM, and which can house tiny “pinhole” cameras that record PINs as they are entered on keypads.

Consumers are well advised toward vigilance, but then, there’s only so much that the untrained eye can be expected to detect. False bezels are hard enough to spot, but at least they’re mounted on the ATM exterior. Data theft devices hidden inside the card slot present a bigger challenge—even to the better trained eye. PYMTS.com continues:

Another tactic involves the use of razor skimmers, which [Phister] described as part of the newest wave of fraud. They are, well, razor-thin inserts that fit within the card acceptance slot, and read the data housed within the magnetic stripe of cards inserted into the hacked ATM.

But not all ATM thieves resort to high-tech solutions. Some rely on the more traditional, Butch Cassidy-esque approach, which is to say, explosives. 

In the Netherlands, blowing open ATMs had become so prevalent that, just a few weeks ago, ABN AMRO took the drastic step of emptying and shutting down 470 ATMs. In an official press release, ABN AMRO announced that it …

… has temporarily shut down 470 cash dispensers with immediate effect. This emergency measure is needed in view of the growing number of violent ATM explosive attacks. All cash has been removed from the machines. The past few months have seen a sharp rise in violent ATM explosive attacks, particularly targeting a certain type of cash dispenser used by ABN AMRO.

The move won’t leave ABN AMRO customers entirely ATM-less, however, for only about half of its ATMs are of that “certain type.” The press release continues, “At another 400 locations, ABN AMRO has different types of cash dispensers. These will remain open for use.”

Meanwhile, other Dutch banks, preferring not to tempt explosive fate, are emptying and shutting down ATMs between 11pm and 7am. On December 19, Finextra reported that:

… the operator of the Dutch banking sector’s joint ATM network says the overnight shutdown will take effect immediately. The firm will also move any cashpoints that pose an elevated risk to nearby residents and place them in safer locations. The company is working with De Nederlandsche Bank and the police to implement new measures which will render banknotes worthless if stolen by raiders.


Over 70 people have been arrested so far this year in connection with ATM bomb attacks by special ATM Raids Units set up by the Dutch police force.

“Digital security is an arms race,” I wrote in this blog in August of 2017:

Each time the good guys come up with a new way to foil hackers, the hackers simply busy themselves defeating it. I don’t expect the arms race to end anytime soon, if ever. Not even chip cards will do away with fraud, although chip use in Canada and other countries has reduced it.

What I seem to have overlooked at the time was that, for criminals who prefer not to trouble themselves with technology, there’s always dynamite.

Comments are closed.