A gang of suspected Romanian criminals is using 3D printers and computer-aided design (CAD) to manufacture “sophisticated” ATM skimming devices used to fleece Sydney residents.
NSW Police recently arrested and charged a Romanian national with fraud after a money transfer officer contacted police over a suspicious transaction.
Police said they established a dedicated taskforce to address the skimming issue in June after seeing an increase in alleged offences.
The taskforce found one gang that had allegedly targeted 15 ATMs across metropolitan Sydney, affecting tens of thousands of people and nabbing around $100,000.
Commander of the NSW Fraud and Cybercrime Squad, Detective Superintendent Col Dyson, told iTnews the alleged gang focused on two types of ATM design, with one particularly “sophisticated” skimming device entirely self contained and accompanied by a tiny video camera.
Dyson declined to provide detail on how the devices were being manufactured, but said NSW Police were aware the gang was using 3D printers and CAD technology.
“These devices are actually manufactured for specific models of ATMs so they fit better and can’t be detected as easily,” he said.
“Parts of the devices are internally fitted, either by the offenders moving part of the slot and replacing it with their own, and pushing circuitry into the machines. [Another model] is so small it’s entirely self-contained and entirely pushed in, with some force, into the card slot.”
The devices are accompanied by a video camera which is attached above the location of the skimmer, and is tailored to the design of the particular ATM.
“They’re getting smaller and smaller with time,” Dyson said. “They’re trained down at the keypad where the pin is entered.”
The focus of skimming gangs is to obtain both the credit card and the PIN. Without the PIN, the credit card data has little value as the criminals will be unable to transfer money, make purchases or withdraw cash.
“The PIN is [the offenders’] key to the city,” Dyson said.
Card skimmers typically set themselves up near the affected ATM during peak hours in order to receive the data which is transmitted from the device, Dyson said. They will usually need to be within 100m of the ATM to receive the transmitted data.
Those behind the scheme then copy card details onto blank cards which, used with the PINs, allowed them to make purchases and withdraw money.
Dyson said this type of skimming device had never before been detected in NSW, and showed the offenders were ramping up their efforts as banks implemented technologies to better identify when a card has been compromised.
“Previous devices have always had wires hanging off them,” Dyson said. “One of the ones used now does have wires hanging off it, that’s because of the design of the ATM. But the smallest one is quite impressive in that it is contained within a resin block and sealed.”
Two banks in particular have been affected. Dyson declined to provide names.
He said banks and ATM builders were engaged in an ongoing war with skimmers, constantly developing new methods to defeat the devices while criminals figured out how to thwart them.
For customers, it is “difficult if not impossible” to tell if an ATM has a skimming device attached, Dyson said. The most effective method users can deploy to escape being compromised is simply to cover the keypad as they enter their pin.
NSW Police said they had traced some of the stolen funds to Romania, where it believed the gang originated.
