Cancun is a popular destination for tourists—and fraudsters. A recent investigation into the Mexican hot spot revealed fraudsters are stealing millions of dollars from tourists by rigging ATMs with advanced data-stealing hardware.
By fitting 19 separate cash machines with Bluetooth technology, fraudsters were able to steal ATM information via skimming. Most skimming devices are detectable, because they are designed as fixtures on the outside of a machine. However, the recent Bluetooth technology proves more difficult to detect, as it is fixed within machines and tied directly to the debit card readers and ATM pads.
To gain access to the inside of the ATMs, the fraudsters are bribing poorly paid technicians. The fraudsters then hide tiny devices inside the card slots and PIN pads that steal card data and store it on special Bluetooth devices, which have also been installed inside the cash machines. Cyber thieves use their phones to connect to these devices – which can hold the data of around 32,000 people – and use the stolen information to empty their victims’ bank accounts.
Targeted ATMs were not bank-owned or operated— all were freestanding machines owned by private companies. In many instances, when compromised ATMs were utilized to make withdrawals, the machines canceled the transactions without explanation, resulting in the cardholder attempting the transaction elsewhere. This means the cardholder’s financial institution (FI) would have no record of the cardholder using the ATM.