BHOPAL: Incidents of fraudulent cash withdraw from three separate cash deposite machines (CDMs) and ATMs of nationalised bank in Shyamla Hills and TT Nagar have raised questions on the safety of ATM kiosks in the city.
Similar fraud incidents were reported during the same period from Indore, Khandwa and Chennai. Police suspect involvement of a Haryana gang which specifically tampers the CDMs/ATMs and fraudelently withdraws money. A police team was sent to Mewat region in Haryana to nab the accused.
Two unidentified fraudsters targeted ATMs of a nationalised bank located merely100 metres away from TT Nagar police station and fled after fraudulently withdrawing Rs 2.2 lakh. Previous to this incident, fraudters had targedtted two CDMs fitted outside nationalised banks at Panchanan Bhawan in TT Nagar and Hindi Bhawan at Shyamla Hills. In all three incidents the fraudsters siphoned Rs 10.5 lakh from three bank branches.
Interestingly, all three incidents were committed between June 17 evening and June 18 morning, but they were reported to police much later. In Indore seven such cases were registered in 13 days from June 18 till July 1. ASP Zone-1 Ankit Jaiswal said, during investigation it was revealed that the accused use different ATM cards to withdraw the amount from the CDM/ATM.
When the cash is dispensed by CDM/ATM, they take the entire amount leaving behind one or two currency note stuck in the machine which is taken back by the machine. ‘ The amount is deducted from the holder’s account, but once the currency note is taken back by the machine, the transaction is reversed and the amount credit back into their account. Police have found that most of the ATM cards used by the accused to commit the fraud were issued bank accounts in Haryana.
This is not the first time, a Haryana gang targeted ATMs in Bhopal.
In 2015, Kotwali police nabbed two accused including one from Faridabad in Haryana and other from Ludhiana Punjab along with 60 ATM cards issued in the names of their friends and relatives.
The accused revealed that they inserted the ATM card and switch off the power supply (even before the transaction slip came out) while the cash was dispensed.
This way, the bank software can’t register the transaction, considering it a system failure, and within a week it would again credit the same amount in the person’s account.
Despite duping the banks of thousands, the fraud never got detected and the records didn’t show the money was withdrawn. The bank or its customers do not lose money in these cyber-attacks, but the ATMs run dry of cash.
Police investigation revealed that it takes long for a bank to verify if a transaction has been completed or not because the process involves several agencies and banks. Taking advantage of this, the accused used to carry out frauds away from their native place. They would use debit card of X bank in Y bank’s ATM to make it difficult for the banks to confirm if a particular transaction failed or had been completed.
Recently around a week back Khandwa police nabbed Mohammed Ansar Mewati, 25, a resident of Nuh district in Haryana while his accomplice Shahzad Mewati managed to run away. Police recovered around 90 ATM cards from his possession. The accused had a key to the ATMs using which they could open the panel above the monitor. They would first withdraw money from their account using an ATM card, then open the panel and put it in the supervisory mode, hence rebooting the machine. They would then file a complaint in the customer care that the money has been deducted from their account, but the cash had not come out of the ATM. Reading it as failed transaction, money would then be reverted to their accounts. In this way the men were able to withdraw cash but at the same time have the money credited back into their bank accounts.
A senior police officer said that now the ATM fraudsters have become very smart and have started using the cutting edge technology to siphon money from ATMs. The fraudsters use Man in the Middle (MiTM) ATM hacking in which cyber fraudsters secretly intercept the two-way encrypted messaging and data transfer between an ATM and its bank servers and manipulate it to prompt ATMs to spew cash. The RBI in a 22-page advisory in February 2021 had specifically asked all stakeholders to upgrade their ATM security to thwart such MiTM attacks. The accused inserted a ‘blackbox’ like device to hack ATMs.
