Tomas Victor Mendoza, SVP-Transaction Banking Group, BDO, demonstrated the said modus. He said that the pin number can also be obtained by using a pin pad overlay.
"Pag pumipindon po, kina-capture yung pins," Mendoza said as he shows the pin pad overlay.
Senator Chiz Escudero asked, "Pero bago nya malagay yan, kailangan nyang baklasin pin pad ng ATM?"
Mendoza said that there's no need to remove the original pin pad to be able to attach the overlay.
"Actually po hindi, pinapatanong lang. may glue lang po sya sa likod," he answered while pointing at the four corners of the pin pad overlay. The device they are referring to looks exactly like the origial pin pad used in ATM machines.
Another tactic used by these ATM skimmers is putting a pin hole camera on shields above the keypad.
"Ang pin hole camera, yung iba, this is just one example, was to use the same pin pad cover and attach a camera at the back," Mendoza demonstrated again.
"So what they do now is to capture the pins through the camera," he added.
But the device, the latest tactic in ATM skimming which was recently used by crooks to victimized 50 ATM card holders of BDO is called deep insert skimming device.
"Ngayon po ang ginagawa nila, to insert this [skimmer device] pinapatong nila yung original card, pag tiningnan mo akala ko nagwi-withdraw eh, pero ang reality nun, pinapasok nya na yung skimmer [kasama yung ATM card]," Mendoza stated.
Escudero asked, "Maiiwan na yun [skimmer device]?"
"Paglabas po ng card, card na lang po yung lalabas. Maiiwan na po," he answered.
The Banco de Oro will reimburse the stolen money from its customers. The bank officials also stated that they have a way to resolve the issue but that information is confidential which is why they did not disclose it during the public hearing.
Meanwhile, the solution perceived by Banco Central to this kinds of scams is the implementation of EMV or Europay, Mastercard and Visa. It is a global standard for credit card that uses computer chips to aunthenticate and secure chip-card transactions.
This EMV card has an added security, which is the chip seen under the bank's name. Through this, the data in ATM card will not be stolen.
Currently, the widely used ATM cards uses magnetic stripes, the black stripe at the back of the card. So when skimming devices are used, the data content of the card can easily be obtained by skimmers.
Originally, the deadline for changing all ATM cards into EMVs is January 2017 but due to the several numbers of cardholders in the country, they moved the deadline to 2018.
Meanwhile, the Senate also tackled the glitch on that happened on Bank of the Philippine Islands (BPI). According to BPI, there was no hacking or hacker involved but it was only a human error from their part where one of their specialist input a wrong data which caused the system glitch.
Instead of firing the specialist, BPI management reassigned their specialist
because they believe that she [specialist] does not have any ill intentions.
"This particular person, your honor, has been three years with us. She topped her programming class so there's always the zeal to be able to do things faster," Ramon Jocson said, EVP of BPI.
"So I attribute this to a lapsing judgement," he added.
Three precautions to take for ATM card users:
- Try to visit ATMs in publicly-visible locations. Though deep-insert skimmers may be difficult to detect, it may be harder for criminals to install such devices in well-lit, frequently-trafficked ATMs than it might be for more-remotely-located ATMs.
- Regularly check your bank statements. Opening those email PDFs, logging into your bank site or opening those letters may seem boring and a waste of time, but especially as skimming technology becomes harder to detect on the front end, it pays to double check on the back end.
- Get credit monitoring. If someone steals your ATM-card information, they may try to use it to open up a line of credit at that bank or apply for a card in your name.