Lebanese loop

Last updated
A Lebanese loop device (black) attached to an ATM slot (grey). When the victim's card (green) is inserted, it pushes aside a small flap which falls back into place, trapping the card so that the ATM is unable to eject it. Lebanese loop.png
A Lebanese loop device (black) attached to an ATM slot (grey). When the victim's card (green) is inserted, it pushes aside a small flap which falls back into place, trapping the card so that the ATM is unable to eject it.

A Lebanese loop is a device used to commit fraud and identity theft by exploiting automated teller machines (ATMs). In its simplest form, it is a strip or sleeve of metal or plastic which blocks the ATM's card slot, causing any inserted card to be apparently retained by the machine, allowing it to be retrieved by the fraudster when the card holder leaves.

Contents

Its name comes from its regular use amongst Lebanese financial crime perpetrators, although it has since spread to other international criminal groups. [1] The scam has been reported in countries with high numbers of ATMs such as the UK, [2] the United States, [3] Germany [4] and France. [5]

Process

A Lebanese loop device viewed from the back: a loop of plastic holds the card in place while allowing it to be read by the ATM. Double-sided tape (yellow) holds the device in place over the ATM's card slot. Lebanese loop back view.png
A Lebanese loop device viewed from the back: a loop of plastic holds the card in place while allowing it to be read by the ATM. Double-sided tape (yellow) holds the device in place over the ATM's card slot.

The term “Lebanese loop” is applied to any number of similar devices that are used to perpetrate ATM fraud by retaining the user's card. In their simplest form, Lebanese loops consist of a strip or sleeve of metal or plastic (even something as simple as a strip of video cassette tape) that is inserted into the ATM's card slot. Some loops have a covering fascia which appears superficially to be part of the ATM, while others are simply a length of dark-coloured tape with glue strips to hold it temporarily inside an ATM slot. [6] Lebanese Loop devices are relatively simple to construct, requiring less technical skill than a card skimming technique.

When the victim inserts their ATM card, the loop is long and narrow enough that the ATM machinery can still fully draw the card in and read it. The victim then enters their personal identification number (PIN) as normal, and requests the funds. The ATM then tries to eject the card, the loop device prevents the card from being ejected, either with a flap covering the fascia's slot, or a diagonal slit in the tape which catches against the card. [6] The machine senses that the card has not been ejected, and draws the card back into the machine. The cash drawer does not open, and the money that has been counted is retained by the machine. In most cases, the victim's account is not debited. The victim believes the machine has malfunctioned or genuinely retained their card. [7]

In a typical scam, the perpetrator will obtain the victim's PIN either by watching them enter it the first time (shoulder surfing), or by approaching the victim under the pretense of offering help and suggesting they re-enter their PIN (and again, watching them do so). More sophisticated variants of the Lebanese loop scam have developed. In some cases, the fraudsters attach a small camera to the ATM to record the victim entering their PIN. The video from this camera is then transmitted to the fraudsters, who may be waiting near the machine and viewing the video on a laptop computer, [2] meaning they need not approach the victim directly. There have been cases where a fake keypad is fitted to the machine over the top of the real one, and this records the PINs entered. [7]

Once the victim has left the area, the perpetrator retrieves the loop and the trapped card, and uses it, along with the stolen PIN, to withdraw cash from the victim's account. [8]

Since the Lebanese Loop is only able to capture one card at a time and the card holder will usually react quickly to the loss of the card, the technique must be widely deployed to net a useful number of cards in a short amount of time. This may require a large workforce to accomplish the task.[ citation needed ]

Countermeasures

ATM manufacturers have resorted to several methods to counteract the Lebanese Loop, generally consisting of adding various sensing mechanisms to the card readers. Various network activity profiling processes can be applied to attempt to detect this activity. [9] Often ATM vestibules have video surveillance equipment installed in them, which can make identification of the perpetrator and method easier. [10]

ATM industry groups counsel cardholders to take precautions when entering their PIN into any device. [11] Customers are also advised to avoid an ATM if strangers are standing next to it (especially if they do not move after being asked), be careful of ATMs which appear out of the ordinary (such as having unusual instructions attached), to never enter a PIN more than twice (to prevent the card from being retained by the machine), and to ignore advice from "helpful" strangers who may approach when they see a customer is having difficulty. [12]

Other forms of card fraud

Other variants of fraud may use a “skimming” technique, where an electronic device is fitted over the ATM's card slot and which reads the information encoded into the magnetic strip on the back of the victim's card as it is inserted. This variant does not require the card to be retained; the transaction runs normally, and the data recorded from the original card is copied to another blank magnetic stripe card, which is then used to withdraw cash.

At their most sophisticated, scams can involve the construction and installation of fake fascias built to fit particular ATMs or other card reading devices. These false fronts can house any of the above devices to gather data from the user and allow the perpetrators to acquire or clone cards and their associated PINs. These fakes can often be indistinguishable from unmodified devices to the untrained eye.

See also

Related Research Articles

<span class="mw-page-title-main">Debit card</span> Card used for financial transactions, usually without a credit line

A debit card, also known as a check card or bank card is a payment card that can be used in place of cash to make purchases. The term plastic card includes the above and as an identity document. These are similar to a credit card, but unlike a credit card, the money for the purchase must be in the cardholder's bank account at the time of a purchase and is immediately transferred directly from that account to the merchant's account to pay for the purchase.

<span class="mw-page-title-main">EFTPOS</span> Type of electronic payment system

Electronic funds transfer at point of sale is an electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at points of sale. EFTPOS technology was developed during the 1980s. In Australia and New Zealand, it is also the brand name of a specific system used for such payments; these systems are mainly country-specific and do not interconnect. In Singapore, it is known as NETS.

<span class="mw-page-title-main">Advance-fee scam</span> Type of fraud

An advance-fee scam is a form of fraud and is one of the most common types of confidence tricks. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster claims will be used to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim to pay or simply disappears.

<span class="mw-page-title-main">Automated teller machine</span> Electronic telecommunications device to perform financial transactions

An automated teller machine (ATM) is an electronic telecommunications device that enables customers of financial institutions to perform financial transactions, such as cash withdrawals, deposits, funds transfers, balance inquiries or account information inquiries, at any time and without the need for direct interaction with bank staff.

<span class="mw-page-title-main">Personal identification number</span> PIN code

A personal identification number (PIN), or sometimes redundantly a PIN number or PIN code, is a numeric passcode used in the process of authenticating a user accessing a system.

<span class="mw-page-title-main">EMV</span> Smart payment card standard

EMV is a payment method based on a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for "Europay, Mastercard, and Visa", the three companies that created the standard.

Bank fraud is the use of potentially illegal means to obtain money, assets, or other property owned or held by a financial institution, or to obtain money from depositors by fraudulently posing as a bank or other financial institution. In many instances, bank fraud is a criminal offence. While the specific elements of particular banking fraud laws vary depending on jurisdictions, the term bank fraud applies to actions that employ a scheme or artifice, as opposed to bank robbery or theft. For this reason, bank fraud is sometimes considered a white-collar crime.

<span class="mw-page-title-main">Interac</span> Canadian interbank network

Interac is a Canadian interbank network that links financial institutions and other enterprises for the purpose of exchanging electronic financial transactions. Interac serves as the Canadian debit card system and the predominant funds transfer network via its e-Transfer service. There are over 59,000 automated teller machines that can be accessed through the Interac network in Canada, and over 450,000 merchant locations accepting Interac debit payments.

<span class="mw-page-title-main">Internet fraud</span> Type of fraud or deception which makes use of the Internet to defraud victims

Internet fraud is a type of cybercrime fraud or deception which makes use of the Internet and could involve hiding of information or providing incorrect information for the purpose of tricking victims out of money, property, and inheritance. Internet fraud is not considered a single, distinctive crime but covers a range of illegal and illicit actions that are committed in cyberspace. It is, however, differentiated from theft since, in this case, the victim voluntarily and knowingly provides the information, money or property to the perpetrator. It is also distinguished by the way it involves temporally and spatially separated offenders.

<span class="mw-page-title-main">Mondex</span>

Mondex was a smart card electronic cash system, implemented as a stored-value card and owned by Mastercard.

<span class="mw-page-title-main">Payment card</span> Card issued by a financial institution that can be used to make a payment

Payment cards are part of a payment system issued by financial institutions, such as a bank, to a customer that enables its owner to access the funds in the customer's designated bank accounts, or through a credit account and make payments by electronic transfer and access automated teller machines (ATMs). Such cards are known by a variety of names including bank cards, ATM cards, client cards, key cards or cash cards.

<span class="mw-page-title-main">ATM card</span> Type of bank card providing access to Automatic Teller Machines

An ATM card is a payment card or dedicated payment card issued by a financial institution which enables a customer to access their financial accounts via its and others' automated teller machines (ATMs) and to make approved point of purchase retail transactions ATM cards are not credit cards or debit cards. ATM cards are payment card size and style plastic cards with a magnetic stripe and/or a plastic smart card with a chip that contains a unique card number and some security information such as an expiration date or CVVC (CVV). ATM cards are known by a variety of names such as bank card, MAC, client card, key card or cash card, among others. Other payment cards, such as debit cards and credit cards can also function as ATM cards. Charge and proprietary cards cannot be used as ATM cards. The use of a credit card to withdraw cash at an ATM is treated differently to a point of sale transaction, usually attracting interest charges from the date of the cash withdrawal. Interbank networks allow the use of ATM cards at ATMs of private operators and financial institutions other than those of the institution that issued the cards.

Identity fraud is the use by one person of another person's personal information, without authorization, to commit a crime or to deceive or defraud that other person or a third person. Most identity fraud is committed in the context of financial advantages, such as accessing a victim's credit card, bank accounts, or loan accounts. False or forged identity documents have been used in criminal activity or in dealings with government agencies, such as immigration. Today, the identities of real persons are often used in the preparation of these false documents.

The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.

Internet fraud prevention is the act of stopping various types of internet fraud. Due to the many different ways of committing fraud over the Internet, such as stolen credit cards, identity theft, phishing, and chargebacks, users of the Internet, including online merchants, financial institutions and consumers who make online purchases, must make sure to avoid or minimize the risk of falling prey to such scams.

<span class="mw-page-title-main">Chip Authentication Program</span>

The Chip Authentication Program (CAP) is a MasterCard initiative and technical specification for using EMV banking smartcards for authenticating users and transactions in online and telephone banking. It was also adopted by Visa as Dynamic Passcode Authentication (DPA). The CAP specification defines a handheld device with a smartcard slot, a numeric keypad, and a display capable of displaying at least 12 characters. Banking customers who have been issued a CAP reader by their bank can insert their Chip and PIN (EMV) card into the CAP reader in order to participate in one of several supported authentication protocols. CAP is a form of two-factor authentication as both a smartcard and a valid PIN must be present for a transaction to succeed. Banks hope that the system will reduce the risk of unsuspecting customers entering their details into fraudulent websites after reading so-called phishing emails.

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

A card-not-present transaction is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected. It is most commonly used for payments made over the Internet, but can also be used with mail-order transactions by mail or fax, or over the telephone.

<span class="mw-page-title-main">Card security code</span> Security feature on payment cards

A card security code is a series of numbers that, in addition to the bank card number, is printed on a card. The CSC is used as a security feature for card not present transactions, where a personal identification number (PIN) cannot be manually entered by the cardholder. It was instituted to reduce the incidence of credit card fraud.

A SIM swap scam is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone.

References

  1. Schreiber, Barry. ATM Security Forecast at Forefront of 1996 Plans. EFT Report, vol. 19 issue 2, Jan 18 1996
  2. 1 2 Summers, Chris; Toyne, Sarah (2003-10-09). "BBC News - Gangs preying on cash machines" . Retrieved 2006-07-21.
  3. ATM Security | Landscaper admits to Lebanese loop scam at ATMs in 4 states and D.C. | ATM Marketplace Archived 2005-03-02 at the Wayback Machine
  4. TU Berlin - Hoax-Info - Extra-Blatt: Ausspionieren von EC-Karten-Daten
  5. Google cache of Detroit Free Press article
  6. 1 2 "Atm theft atm theft Lebanese loop".
  7. 1 2 Nettleton, Philip. Lebanese loop is new cashpoint con. Evening Standard (London), February 5, 2001
  8. "Lebanese Loop ATM Theft".
  9. Fraud fight gets more proactive at ATMs | ATM Marketplace Archived 2006-05-09 at the Wayback Machine
  10. SiliconRepublic.com: Attack of the clones Archived 2006-07-20 at the Wayback Machine
  11. "Interac Association - Protect Your PIN > Cardholder Tips". www.interac.org. Archived from the original on 12 February 2003. Retrieved 14 January 2022.
  12. Lebanese Loop at Snopes.com.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.