My Thoughts on Technology and Jamaica: Why Banks Protect Yourself Online Initiative will not stop Jamaican ABM Scammers as Cards Unsecure

Monday, October 10, 2016

Why Banks Protect Yourself Online Initiative will not stop Jamaican ABM Scammers as Cards Unsecure

“The campaign seeks to raise awareness among Jamaicans about possible online threats to their accounts and finances and empowers customers, through education, to enable them to develop good online-safety habits”

Banking Sector commenting on the Protect Yourself Online! Initiative

Cybercrime is on the rise in Jamaica. With the holidays coming up, scammers have now turned to skimming and phishing.

Banks, naturally are uniting against this via their Protect Yourself Online! Initiative as detailed in the article “Jamaican Banks Unite Against Cybercrime”, published Sunday October 9, 2016, The Jamaica Gleaner.

Google Logo

This initiative, launched on Friday September 30th 2016, sees the following banks uniting to raise awareness about Credit/Debit Card skimming and steps to thwart would-be criminals:

1.      CIBC FirstCaribbean International Bank
2.      First Global Bank
3.      JMMB Merchant Bank
4.      National Commercial Bank Jamaica
5.      Sagicor Bank
6.      Scotiabank Jamaica

This is the banking industry's response to the rise in ABM Skimming which saw a rash of Debit Card account thefts on Wednesday August 14th 2016 as reported in my blog article entitled “How Jamaicans are ABM Skimming NCB and Scotia Debit and Credit Cards for Christmas 2016”. 

For more on the campaign and security tips, you can So how does this campaign work?

The Banking Sector's Protect Yourself Online! Initiative - More advertising for Banks as Take Style Out 2016 approaches

The banking sector is basically doing some well needed PR to make customers more aware that they can be robbed. Instead of just going Mobile Money, which is more secure, they've decided to just do more advertising.

After all, Take Style Out 2016, out version of Fashion Night Out, has been pushed back to Thursday October 27th 2016 due to Hurricane Matthew as reported in the article “#TrackingMatthew: TSO postponed until October 27”, published Monday, October 03, 2016, The Jamaica Observer.

Google Logo

That puts it right before payday and gives skimmers more time to plan how they can steal Debit Card and Credit Cards from shoppers on that night as a test-run for Christmas 2016. Still, the tips given by the Protect Yourself Online! Initiative are somewhat helpful:

1.      Inspect the machine for items installed over PIN pad.
2.      Avoid ABMs that have attachments pointed in the direction of the PIN pad. This may be a hidden camera to record your PIN.
3.      Once inside an ABM, lightly pull the card slot to uncover signs of tampering, which include a loose or detached card slot, or the presence of double-sided tape that may be used by skimmers to ensure quick and easy removal. 
4.      Use the unoccupied hand to cover the hand entering the PIN on a keypad. This can prevent recording by pinhole cameras.
5.      Be aware of the ABM's surroundings and any possible loiterers.
6.      Do not accepting assistance from strangers when using ABMs 

So will all of these initiatives work?

Protect Yourself Online! Initiative will not Work - Mobile Money, secure POS terminals needed

All this will not stop phishing attacks as more Jamaican are shopping online than ever before and using Debit and Credit Cards as reported in my blog article entitled “How Electronic Transactions in Jamaica can eliminate Hidden Economy via Universal Consumption Taxation”.

The JIS (Jamaica Information Service) hack in June 2015 proves that we're susceptible to clicking on unknown links from an email as noted in my blog article entitled “Anatomy of ISIS hack of the JIS Website - How and Why Hactivists couldn't access sensitive GOJ Databases”. 

The following hack of the Ministry of Transport and Works website in February 2016 by Islamic hackers as reported in my blog article entitled “How Islamic Cybergroup Team Emirates hacked the Ministry of Transport and Works” clearly indicated that the weakest link is still people.

Jamaicans, it seems, like to click on things even if its from someone they don’t know!! They just can’t resist the temptation.

Then there is the fact that Jamaican staff working in stores that do Debit Card transactions can have friends secretly ship down skimmers and use them while on the job to copy Debit and Credit Cards. Though unlikely, it can happen, especially if the transaction results in your card being out of your sight for a few seconds.

This as its way too easy to copy that magnetic strip and the PIN number, as too many organizations make magnetic strip blanks in Jamaica. This makes it necessary to enable POS devices with the ability to check Card numbers against the magnetic strip in the banks database to see if the card is cloned, as biometric security can be thwarted.

Scammers are not more sophisticated as they now understand the banking system better and know how to launder money after stealing it as I'd predicted in my blog article entitled “How Scammers and Hackers are on the Rebound Laundering Money as Peter Bunting misguided on Scammers”. 

Most ABM scammers usually withdraw their cash within 24 hrs of stealing the card info or convert the money to other forms, such as bitcoins or deposit the money into a Paypal Account linked to a Payoneer Card as described in my MICO Wars blog article entitled “How Jamaicans can make money online – Setting up a Payoneer Prepaid Mastercard”.

So a word of warning; go Mobile Money as suggested in my blog article entitled “How NCB Quisk Compares to CONEC Mobile Wallet as Jamaica goes Cashless”, as the banks are just using light and magic while not addressing the security flaws in Debit and Credit Cards.

No comments: