NFC ATM Attack

This attack takes place where there is more than one ATM in a location. The fraudster jams the card reader at one of the ATMs and waits at the other ATM for someone to attempt a transaction at the machine with the inoperable card reader. When the customer attempts to insert their card, the fraudster will tell the customer that the reader is broken, so they should use the near-field communication (NFC) feature of the bank’s app with a loaded ATM card or the NFC feature of the ATM card itself to initiate the ATM transaction. Once the customer enters the ATM session using that method, and provides the personal information number (PIN), the customer can continue with their transaction. ATMs in some banks do not close the session after that transaction and do not ask for the PIN again. The fraudster will then move over to the jammed ATM and continue the session to withdraw funds from the unsuspecting customer’s account.

William J. Voorhees; MFA, C.F.E., CAMS, senior vice president, head of Enterprise Fraud Management, Truist Financial, editor@acams.org

ACAMS Today

The Magazine for Career-minded Professionals in the Anti-Money Laundering Field

Seizing Assets So That Crime Doesn’t Pay, With Molly Moeser

Three Ways AI Is Augmenting AML Programs

Enlisting AI in the Fight Against Financial Crime, With Jennifer Shasky Calvery

Assembly Chatter with ACAMS Today: Sanjeev Menon

Giles Thomson on U.K. Sanctions Priorities and Enforcement

Four Questions: Advice From a BSA/OFAC Officer

Leave a Reply Cancel reply

You might also like

Leave a Reply Cancel reply