Transaction Reversal Fraud (TRF) is a method used by criminals to steal cash from ATM’s. with TRF, criminals generally jam the ATM by reversing the host application software logic to remove money from the cash dispenser. Skimmed cards or stolen cards are used by criminals to avoid detection.
The transaction reversal frauds are only applicable to the ATMs that support motorized cards and with an application configured for ‘card before cash.’
A transaction reversal fraud is a sophisticated attack that involves a sequence of situations creating numerous error codes and unwanted transaction reversal. The criminals planning for the transaction reversal fraud opens a new bank account with a fictitious name or uses an existing account of a legitimate cardholder to conduct transactions. In transaction reversal frauds, the money or the fund in the bank accounts do not get debited even after executing multiple transactions. So, criminals use low balance accounts to make numerous transactions.
The criminals follow various steps or techniques to execute transaction reversal fraud (TRF), which can be as follows:
⇒ A card and PIN are entered correctly into the ATM in the first step.
⇒ The cash withdrawal is then requested.
⇒ Cards are ejected when the host certifies the transaction, and the dispenser shutter is ready to dispense the currency.
⇒ The transaction will timeout, and the card reader will try to capture the card as the criminals leave the card in the slot rather than taking it out.
⇒ At this point, the criminals will hold onto the card, preventing it from being captured.
⇒ This process will jam the ATM, and the host will reverse the transaction, but the cash is not dispensed back.
⇒ The criminals will then force open the cash dispenser shutter and steal the cash before ATM puts money back into the reject bin within cash dispenser.
⇒ The success of Transaction reversal fraud execution depends on timing. The card can be blocked from being captured back by the ATM by simple tools, granting the criminals time to concentrate on clearing the cash from the dispenser.
Mitigation methods provided by the host to stop Transaction reversal fraud (TRF):
It is essential to check the currency dispenser status before the reversals of transactions, and this should be part of the design of the host applications. Pre-arranged cash present in dispensers should be removed safely before the endorsement of a transaction reversal, as the TRF depends on the host applications reversing the transactions based on the card reader’s status information.
ESP2 is an anti-TRF setting present in S1 currency dispenser and employed to prevent potential fraudulent behavior. The ESP2 has the strength to prevent transaction reversal without any host application changes. Similarly, using S2 currency dispensers provides a channel where the cash is not pre-positioned behind the shutter.
Detect and Block Transaction reversal fraud (TRF):
Detecting and blocking TRF before the damage occurs is very much essential. The powerful combination of multi-link transaction profiling, real-time transaction data, and customizable rules-based alerts are practiced detecting and block the transaction reversal fraud process.
It is impossible to stop criminals from trying to open currency dispensers. Still, with real-time access to the right information, one can get the clear-cut information needed to detect TRF immediately and shut it down or protect the ATMs in seconds.
While selecting the fraud prevention and detection solution, it is essential to ensure that every solution captures currency transactions independently and decodes the message field, and transaction links are correlated so that it provides access to support data essential to add real-time visualization and intelligence to the currency fraud. The solutions that are equipped with transaction reversal fraud should have the ability to handle hardware events and errors in real-time scenarios.
Methods to identify or detect TRF:
Enquire and identify the specific error codes of the transactions.
Confirm that the ATM host applications are checking for the currency dispenser status before the approval of the reversal of any transactions.
Flag the reversal transactions immediately, especially for those who exceed the limit of specified withdrawal amounts or velocity/volume thresholds.
Measures to prevent Transaction Reversal Fraud:
• Limit the number of a repeat reversal of a transaction an ATM can process.
• Identify or block the cards with unusual or repeated activity.
• Inquiry into the smallest loss while auditing the ATMs.
• If unusual behaviour or activity are observed in the surroundings of the ATMs, report the activity immediately.
• Closely monitor the cash-out or cash-low reports every weekend.
• Inform the security staff or bank authority if the transaction reversals occur while ATMs are in use.
ATM network is one of Banking industry’s most difficult assets to protect against. The banking security experts at Netsentries have developed a series of hands-on vulnerability assessments that look at the entire ATM environment. We can identify software, hardware, and communication protocol vulnerabilities that can be exploited and provide remediation measures to effectively resolve them.
Please visit our website to know more about our ATM Security Assessment Services.