There was a story in the Washington Post a few days ago about a single skimming device placed on a Washington DC-area bank's ATM that netted the thieves some $60,000 if not more in just three days. The device was spotted by a technician working on the ATM, who then snapped a picture of it. The tech went inside the bank to tell officials about finding the skimmer, but when they returned a few minutes later to the ATM, the skimming device had already been removed.
I know I shouldn't be surprised by how easy and profitable this crime is to commit, but I still am. This story last autumn says that the ATM Industry Association estimates that over $1 billion a year is now lost each year globally to ATM-related crimes.
How profitable the crime is apparently depends on location and a bit of luck, as well, I suppose.
For instance, there was this story last December that skimmers in the north-west Chicago suburbs required eight days to steal "only" $20,000 at one bank location whereas other skimmers were able to take $70,000 after only two days of placing an ATM skimmer at another bank not that far away.
Does anyone know if there are any stats on the average and mean times of a skimmer being placed on an ATM, the location by average household income, and the total amounts skimmed?
Customers who get hit by a skimmer usually get their losses covered by the bank. The same is usually true (at least in the US) if their bank accounts are hacked into on-line. But as this Los Angeles Timesstory indicates, if it is a business account that is hacked or skimmed from, you are out-of-luck. Last year, the FBIwarned small businesses to be aware that they were now being specifically targeted for on-line scams.
Last year, I noted that the bank Absa, the largest retail bank in South Africa, was piloting an ATM that will spray you with pepper spray if you try to tamper with it in some way. I haven't been able to find out whether the bank has made this standard equipment on their ATMs there. Anyone know?
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.