Nowadays, just about anyone with a bank account has an ATM card for cash withdrawals and debit transactions. Whether you are a parent or not, or still a college student, cash and card-use for most purchases, online or otherwise, makes the ATM\/debit card one of the most necessary items in your wallet or purse today.\r\n\r\nHowever, there\u2019s a downside. Because of the convenience of usage of the debit facility and the burgeoning population of ATM\/debit cardholders, opportunities abound for scammers and hackers to help themselves to your account.\r\n\r\nThey do this through a million ways \u2500 by phishing for your personal information through emails, scam calls and SMSes or by stealing it straight off your ATM\/debit card.\r\n\r\nImagine how your family or your livelihood or lifestyle would be affected if your bank account got wiped out?\u00a0 How are you going to put food on the table or pay the month\u2019s school fees and all your other financial commitments?\r\n\r\n\r\n\r\nThe thing is, banking security has become quite an issue these days what with the pandemic rise in cybercrime, identity theft, scamming and hacking. Banks don\u2019t issue bank books anymore, they only issue ATM\/debit cards, which is verification that you hold an account and which gives you right of entry to online banking. You have no choice but to do all your transactions through your ATM\/debit cards which is the master key to all your money and all your other accounts in that primary bank account. In this sense, the ATM\/debit card has become a very powerful yet perilous item to hold, even more so than the credit card (which gives access to the bank\u2019s money, and not yours).\r\nCard Cloning\r\nAnd so you might have heard that your ATM\/debit and credit cards can be cloned for fraudulent use. You\u2019ve heard of gizmos and gadgets and even software implanted inside the ATM to copy all your personal data in order to clone your card, but you\u2019re not sure if the story is true because you only heard it whispered through social media and\u2026it hasn\u2019t happened to you.\r\n\r\nWell, I am here to tell you today that card cloning is for real because it happened to me.\r\n\r\n\r\nThis is a True Story\r\nThe following is a true account of what transpired.\r\n\r\nI awoke early on Sunday morning (14th July 2019) and logged on to my account to pay some bills. To my shock and utter horror, I noticed that RM250 was missing from my account. Recorded clearly on my statement, someone had withdrawn cash from my bank account through an ATM machine on Saturday 13 July at 9.30am in Puchong when I was still sleeping at home.\r\n\r\nHow could this have happened? My card was safely with me at the time; I hadn\u2019t lost it at anytime in the past or present; no one knows my PIN number except for me, so how could a withdrawal have taken place without the card and PIN at the ATM machine? Unless of course, someone cloned my card, copied my PIN and broke into my account.\r\n\r\nWith my heart pounding in my mouth, I immediately called the bank to block the card. They advised me to make a police report (which I did later in the day) and then went to the bank to file a dispute form and get a new card.\r\n\r\nAfter we hung up, I composed myself \u2500 and I was shaking from fear and panic \u2500 I went through my statement with a fine tooth comb, checking every single transaction throughout the month and the months before. None of the card purchases were incorrect, they all had the names of the supermarkets and stores I had gone to but many of the cash withdrawals were dubious. There was not much that could be deciphered from the information on the cash withdrawals \u00a0\u2500 only the amount, the exact time of the withdrawal and the location code of the ATM machine where the money was withdrawn from. For my ATM withdrawals, all of them bore the same location code \u2500 the bank branch where I always go to make cash withdrawals.\r\n\r\nSo how many of these withdrawals were fraudulent and how many were real, I could not tell because they had been sometime back and I had forgotten if I had made those transactions myself. \u00a0I could only say with absolute certainty that I didn\u2019t make the last three most recent cash withdrawals because my memory was still fresh.\r\n\r\n\r\nCrime Mimics Your Financial Behaviour\r\nLooking through my statement, I noticed a pattern to the crime.\r\n\r\n \tThe amounts withdrawn were always small enough to go unnoticed. Each withdrawal was like RM100 or RM150 or RM250 at most.\r\n \tThe withdrawals always had a time lapse of two to three weeks in between, they never occurred on an everyday basis.\r\n \tThe withdrawals were always made at the ATM machine I frequented, meaning to say if my usual ATM machine was in, say Section 14, PJ, bearing a certain location code, there wouldn\u2019t be a withdrawal coming from Klang or Kluang bearing never-seen-before location codes. Presumably, this is to ensure that no strange location codes would jump out at you to trigger an alarm. The objective is to make you dismiss all extra withdrawals as you having made them yourself at your usual ATM machine.\r\n\r\nThis is the modus operandi of the scammer \u2500 to mimic or clone your financial behavior and to be as low key as possible in all his fraudulent activities so that you don\u2019t notice that anything is amiss. You won\u2019t even notice that your money is missing and that way, he can go on milking you for a long, long time.\r\n\r\n\r\nNew Style of Scamming\r\nAt the bank, it seemed that they had never heard of this \u201cnew style of scamming\u201d where very little is taken at two-week spans so that you wouldn\u2019t know you\u2019re being robbed.\r\n\r\n\u201cUsually, they would just wipe out your entire account,\u201d they said to me.\r\n\r\nThey seemed rather incredulous that I had only lost a few hundred Ringgit and only a little at a time over an extended duration.\r\n\r\nIn any case, they said I was the first ever in Malaysia to report such a thing.\r\n\r\n\u201cSuch a thing\u201d may be new and unheard of in Malaysia, but to everyone else in the rest of the world, this style of stealing is actually old.\r\n\r\n\u201cPay attention to your credit card statement,\u201d advised the virus and malware company AVG.com in an article in May 2019. \u201cIf your card has been compromised, the fraudulent activity may not always be in damagingly huge amounts, but could be a sequence of smaller transactions.\u201d\r\n\r\nLong Term Cookie Jar to Steal From\r\nIt makes sense if you put on the thinking cap of the criminal; this way of siphoning is more profitable in the long run. Let\u2019s pretend you are the scammer and you have the cloned cards of some 2000 victims. If you withdraw only RM150 from each of them every two weeks, you would stand to collect a cool RM300,000 twice a month for the long term or for at least as long as the victims don\u2019t know or keep quiet about it.\r\n\r\nBut if you only make a one-time hit and wipe out the account of only one or two individuals, how much could you possibly make? Most Malaysians are not multimillionaires, many are ordinary wage earners and an ATM card has a daily withdrawal limit which you can set yourself. Moreover, once wiped out, that victim would immediately know that his account has been emptied. He would definitely scream bloody murder and call the calvary, starting an immediate alert to the crime and ending the thief\u2019s chances of stealing more.\r\n\r\nWhy kill the goose that lays the golden egg?\r\n\r\n\r\nThe Clued-In Criminal Mind\r\nFrom what can be seen, scammers and hackers have a very good grasp of human psychology. They know exactly how victims will react to small losses if they find out.\r\n\r\nRM150 missing want to report? Leceh la. Yes, the amount is just too small to be worth the trouble of going to the police and having to follow up with the bank all the time. \u00a0One cannot be taking leave from work every few days just to see if anyone is working on the case.\r\n\r\nOr,\r\n\r\nRM150 missing, want to make noise? Pai Seh ler! Yes, it is embarrassing to admit to being cheated and worse, to be robbed of such a small amount and then kicking up a big fuss about it.\u00a0 Most people will keep the incident hush-hush to \u201csave face\u201d.\u00a0 It works wonderfully for the criminal\u2019s benefit as no one will ever know a crime has been committed.\r\n\r\nSo, by applying psychology on human behavior, criminals can get away scot free.\r\n\r\n\r\nSuspicious Activity Not Just at ATM Machines\r\nThe bank had a questionnaire that I had to answer when I made my report. These questions are to shed light for the investigation. One particular question stood out.\u00a0 They asked if I had noticed any suspicious gadgets or activity on the ATMs I had used over the past month.\r\n\r\nSome of our banks are aware of Skimming and Shimming (the methods where devices are installed on or inserted into the ATMs to copy data, your CVV and PINs from cards while the cardholders are conducting their transactions at the machines).\r\n\r\nChip cards were implemented recently to stop skimming that copies off the cards' magnetic strips. But then, fraudsters are always 10 steps ahead. They created shimming to specifically tap data from the EMV chip on your card. So there you go.\r\nGhost in the Machine\r\nATMs that have been tampered with can behave strangely, such as make a strange sound when the machine is running, look fitted with additional objects or pieces, retain the cash you withdrew but showing a deduction in your account even though you got none of the money, or reject, decline or swallow the ATM card after the PIN has been keyed in.\r\n\r\nWhen I looked at the questionnaire, I remembered an incident where there was indeed a strange occurrence. However it did not happen over the past month and it wasn\u2019t at an ATM machine.\r\n\r\nIt was at a petrol kiosk, one I don\u2019t often use but for some reason decided to swing in that day, and it didn\u2019t occur one month ago but at least three to four months ago.\r\n\r\n\r\n\r\nI, like many people, use my ATM\/debit card to fill petrol. I slotted my card in at the pump and after keying in my PIN, my card was declined. But when I tried to pull the card out, it got stuck! So I pushed and pulled and struggled for a long time but it just wouldn\u2019t come out. I called for help and one of the petrol pump attendees came to help pull the card out. He too couldn\u2019t get it out. We tried everything, we even pressed Cancel many times, lifted and put back the pump handle to make sure the machine \u201cread\u201d the action, but still, my card remained stuck fast.\r\n\r\nThe petrol pump attendee then decided to open the machine. Maybe that would help release the card he thought. So he went and got the key to open the machine. However, the inside was covered in a metal bracket and the card could not be pushed out from the back. All this took a long time, like 20 minutes to half an hour. By this time, we had called half the petrol station to help get the card out. And just when everybody got hot under the collar pushing and pulling, the card miraculously slid out at the last pull, like nothing happened.\r\n\r\nThe card worked fine elsewhere after that and since there was no further incident, I forgot about it. Until now.\r\nYour Card can be Compromised Anywhere you Insert It\r\nI do not know if this was how my card got cloned. If it was, then this story takes a more insidious turn in that your ATM\/debit card can be compromised anywhere you insert it, (at petrol kiosks, restaurants, bookshops, pharmacies, supermarkets, airport or train terminals) and not just at ATM machines. It also means fraudulent activity began on my card three or four months ago and not recently. It\u2019s just that I didn\u2019t know because the amounts drawn out were small.\r\n\r\n\r\nWhat Can You Do to Protect Yourself?\r\nI have a new card now but what is there to protect this new card from also being cloned?\u00a0 It looks like nowhere is safe. But until better security measure can be put in place, here are some things you can do:\r\n\r\n1. Scrutinize Your Statements Regularly\r\n\r\nCheck your statements regularly. However, for busy working parents wearing different hats and running about the day juggling timetables, who has the time to keep a constant eye on their bank accounts? Moreover, by the time you discover something wrong, the money would have flown and there is no guarantee you can get it back.\r\n\r\n2. Report the Crime Immediately\r\n\r\nShould you see suspicious activity on your statement, call your bank to block the card immediately. Make a police report, then give it to the bank to conduct investigations and get a new card. You will, however, have to pay around RM10.00 for the issuance of a new card. (Note: There is no guarantee you will get your money back though but at least you would have stopped further stealing from your account).\r\n\r\n3. Limit the Power of Your ATM\/Debit Card \r\n\r\nDo not link too many accounts and capabilities onto your ATM\/debit card. This is to limit the number of doors a scammer can go through to access all of your monies should he break in. Do not set your online transfer or withdrawal amounts to be too high either, only give yourself enough to carry out your necessary transactions and not more. In other words, limit the power of your ATM\/debit card. It may be inconvenient but you can always go back to change your options when you need to.\r\n\r\n4. Don\u2019t Lose or Drop Your payWave-Enabled Card\r\n\r\n\r\n\r\nBe very careful about keeping your card safe. Your ATM\/debit card has a contactless ability (called payWave). Should you drop your card, did you know anyone who picks it up can go for a shopping spree on your account? He only needs to wave your card without using a PIN.\r\n\r\nAnd did you know that your payWave-enabled ATM\/debit card can be copied? A contactless or pay-Wave card emits a radio signal called Radio-Frequency IDentification (RFID). That is how you can make payments without inserting the card and typing your PIN. All you need to do is to wave or tap your card on the terminal.\r\n\r\nTo copy your data from your RFID-emitting card, all a criminal has to do is to walk past you, place his radio frequency card reader near your handbag or back pocket to scan and copy all your data from your cards. \u00a0He then uses this data to duplicate your card. RFID skimming is the new form of digital theft, also called electronic pickpocketing. The thief does not even have to touch you.\u00a0 It seems wrapping your cards in foil or keeping them in an\u00a0RFID blocking wallet\u00a0(or\u00a0sleeve or pouch) is one way you can stop your card from being copied.\r\n\r\n5. Don\u2019t Use Your Debit Card for Online Purchases\r\n\r\nConsider not using your debit card when purchasing items online. Credit cards are \u201csafer\u201d in a sense since a credit card transaction will take 10 to 14 days for your bank to process. If the transaction is fraudulent, it can become an item of dispute rather than an instant removal of cash from your savings account. A note about using credit cards however: do remember to pay 100% of the credit card expenditure or you will be accumulating 16% compounding interest on your balance. Never pay only 5%!\r\n\r\n6. Activate your SMS Alerts for All Transactions\r\n\r\nSMS alerts and notifications are life-saving. Any time you make a transaction \u2500 whether paying a bill or transferring funds online through your computer or smartphone or using your debit facility with your ATM\/debit card to purchase something from a retailer \u2500 you get a Transaction Authorisation Code (TAC) and you also get an SMS alert that money has been transferred.\r\n\r\nIf your bank has this feature, activate your SMS Alerts for cash withdrawals as well. Cash withdrawals from ATMs are the only transactions that do not receive receive automatic phone notifications, and this is where the loophole lies for criminals. Someone could be withdrawing your money using a cloned card through an ATM machine right now and you wouldn\u2019t know it because there's no SMS alert.\r\n\r\nYou need to go to any branch of your bank and speak to the bank manager to subscribe to SMS Alerts for cash withdrawals. You will, however, be charged for the SMS Alert but in view of how widespread fraud and electronic crime are these days, it could be worth it for peace of mind.\r\nOther Methods\r\n\r\n\r\n \tCover your hand when typing in your PIN because there may be hidden cameras recording your PIN as you type it in.\r\n \tChange your PIN often and keep it secret.\r\n \tBetter to use ATMs that are connected to the bank with security guards watching the place and not standalone machines in open, unguarded areas such as those in a shopping complex, petrol stations, airport and train terminals.\r\n \tIf you can, minimise your use of the debit facility on your ATM card, even though it offers you great convenience to pay for purchases anytime, anywhere without cash.\r\n \tIn particular, try not to use your ATM\/debit card at petrol kiosks. These places are ungated and unguarded 24\/7. Fraudsters can walk in anytime of the day or night to insert a shimming device into the card reading slots at the pumps. To be safe, use cash instead.\r\n\r\n\r\n\r\nFor more finance and wallet-care stories like this, visit Motherhood.com.my.