The case of breaking into the account of a BCA customer with the initials HAK who lost Rp135 million has recently been in the spotlight because it had gone viral on Twitter and Instagram social media. He admitted that he had never made any withdrawals or other transactions with such a large value.
When traced by the bank after the victim contacted BCA customer service, it turned out that there were traces of transactions worth Rp. 135 million from the victim’s account that occurred in Surabaya, East Java, while HAK is domiciled in Bandung, West Java.
The cash withdrawal process was carried out 4 times for the type of withdrawal of funds of IDR 2.5 million. Then there is a record of transferring funds to 2 different account numbers with a nominal value of Rp. 100 million and Rp. 25 million.
The BCA bank also reported that it had returned 100% of the funds to the victim’s account because they considered that the account burglary was not due to the customer’s fault or negligence.
However, at the same time as this incident, the bank said it might be due to skimming (duplication of customer cards). But what is skimming? What are the types and modes?
Confused about finding the best credit card? Cermati has a solution!
Definition of Skimming
Skimming or card skimming is the act of stealing personal information or data (account numbers, ATM PIN/credit cards and so on) by illegally copying the information contained on the magnetic stripe of a debit or credit card.
By modifying the hardware or software of payment instruments or using a card reader (skimmer). The theft of customer data stored on credit and debit cards often occurs when transactions at ATM machines or swipes with EDC machines.
After that, the perpetrator will obtain the information by illegally copying the data on the magnetic stripe of the debit or credit card. That way, the perpetrator can steal funds belonging to the victim without being noticed by the owner.
Generally, after the perpetrators have the victim’s data, they will make a dummy card or clone to make a transaction. The aim of cybercriminals to commit fraud is to steal the victim’s personal data and use it to access and drain money in the victim’s account.
Types of Skimming You Should Know
Skimming is a high-level crime that requires expert-level intelligence and technical skills. Therefore, only certain people can do it. Here are some skimming techniques that are widely used to carry out data theft and account breaches:
1. Use a Card Reader
Using a card reader is the most commonly used skimming technique. You do this by sticking a card reader (card reader) that is very thin and even difficult to see into the mouth of the ATM.
So, when you enter the UK card into an ATM that has a card reader installed, all data from debit, credit, to card PIN numbers will be entered into the card reader.
2. Installing a Hidden Camera
Usually, the person will install a micro camera at the top of the PIN board or ATM mouth that can detect all your activities. Including entering a debit or credit card pin. This micro camera can also be installed in an angle that can look directly at the ATM machine button to enter the PIN.
3. Fake ATM Mouth
The shape and size of the fake ATM mouthpiece is usually exactly the same as the original ATM mouth, so many people cannot recognize the double mouth of the ATM. So when you withdraw some money from the ATM machine and it doesn’t come out, it could be because the money that goes into the mouth of the ATM is fake.
4. Additional Layers on the ATM PIN Button
This technique is by adding an additional layer on the PIN button, usually this technique is done at the same time as placing the micro camera in the mouth of the ATM. So, when the micro camera picks up the ATM card number, an additional layer of fake PIN will record your PIN number.
5. Sending SMS/Link to Personal Email
Apart from ATM machines, skimming can also be done by sending content containing the lure of gifts, discounts, credit bonuses, tour packages, online loans, and others either via SMS or email.
This technique is used under the pretext of withdrawing the prize, the victim will be lured into an ATM machine and directed to follow instructions given by the perpetrator such as transferring funds or top-up e-commerce balances.
Or it could be by directing the victim to click the link from the email that has been sent to withdraw the prize and directing them to a fake website that is similar to the official website of the victim’s bank account which finally makes the victim fill in the username, password and OTP code that can be recorded by the website.
Tips to Avoid Skimming Scam Mode
1. Avoid Lonely ATM Locations
If you want to make a transaction via ATM, it would be better if it was done in a more crowded location. Because a quiet location has the potential to facilitate the actions of people who want to commit crimes.
Avoid visiting ATMs that are not maintained because they are prone to fraud. Choose an ATM that is located safely, such as a branch bank, central bank or mall, supermarket or hypermarket, or gas station.
2. Make sure the ATM has CCTV
Security in the ATM room, one of which has CCTV in it. With CCTV, of course, all situations will be recorded and monitored directly at the bank office. So you don’t have to worry about using an ATM.
3. Checking the ATM Machine
Pay close attention to the physical condition of the ATM machine and its surroundings, if there are irregularities such as scratches, tape, glue marks on the ATM machine, do not make transactions. In addition, pay close attention to the insertion of the card and the keypad (number keys).
If there is anything suspicious, you should immediately report it to the officers / authorities and immediately cancel the transaction.
4. Changing PIN Periodically
It is very important to change your ATM PIN on a regular basis. The goal is for security and to avoid various kinds of fraud risks. Change your ATM PIN with a maximum period of once every three months. Use a unique PIN, avoid birthdays or consecutive numbers.
5. Using a Virtual Credit Card
If it turns out that the virtual credit card has been skimmed, there is no need to replace or block the original credit card. You just need to close the virtual card number. The virtual card feature can be created through the Privacy.com site, and it can also be through the card issuer’s official website.
6. Delete Emails from Suspicious Email Addresses
Check your inbox and spam emails and look for incoming emails with suspicious addresses. Like there @blogspot.com or @wordpress.com. Improper use of numbers in email addresses and inappropriate case.
7. Save or Destroy Proof of Transaction
Usually on the proof of the transaction there is an account number listed, so it can be misused by an irresponsible group of people. This of course can harm someone. So, after making a transaction at an ATM machine, you should save or destroy the proof of transfer by tearing it to the smallest part.
8. Change Magnetic Stripe Cards to Chip Cards
Chip-based cards are believed to be safer from burglary because the data stored on the chip has been encrypted so it is not easy to read. Of course, it is different from magnetic tape ATM cards which are proven to be easy to break into.
9. Checking the EDC Machine
When using an ATM/Debit card at a merchant/store that cooperates with the banking sector, please pay attention to the condition of the EDC (Electronic Data Capture) device.
Note, if there is a suspicious device, do not do the transaction and immediately report to the nearest bank/authorities.
10. Activate SMS Banking Service
By activating this service, you can immediately find out if there are unknown transactions from your account. So, you can more quickly report this to the bank. So that your account can be immediately blocked temporarily to avoid bigger losses.
Increase Vigilance for Transaction Security
Personal data is sensitive and can be stolen very easily. Not only account breaches can be carried out using personal data. But other illegal activities can also be carried out by using personal data that has been stolen by irresponsible people.
So, in addition to securing banking data, make sure you are also painstaking in securing personal data. Such as not carelessly giving ID numbers, cellphone numbers, personal emails or names of biological parents.