Cyber Terrorism Online fraud Top News

What are the laws available in Pakistan on ATM skimming?

cyber harassment, online fraud, data breach


Cybercrime is not just subject to harassment only but is a vast field covering all fraudulent acts through digital sources. ATM fraud is one of them and I’ve designed this article specifically to talk about this matter which people usually don’t consider necessary to talk about until they face such a scam. Before talking about Pakistani scenario, it is important to talk about other countries where there are laws regarding ATM skimming, to get some real-life examples.

In a developed country like Thailand, it is reported that approx. 6000 people have been affected by ATM skimming in July. Though, there is smart technology, security cameras, updated & centralized banking systems everywhere and yet approx. $1.8 million has been stolen.

the cyber, online fraud, data breach,
Figure 1: Arrested ATM card fraud suspects with Thai police in Bankok

According to IMF, almost $2 billion has been lost through ATM skimming during 2017. As the ratio of reported crimes are 1 out of 10 in developing countries and 6 out of 10 in the case of developed countries and the above statement is a reported news. So based on such ratio, I believe that around 8 to 9 billion dollars have been skimmed.

On a contrary, we belong to such a vulnerable country where – primarily – there is a scarcity of laws, low applicability of available laws, incompetent agencies having fewer resources and a prolonged list of many loopholes. There is a cocktail of criminals who are walking free without any fear of getting arrested. So this article is all about ATM skimming, skimmers’ tricks, how you can make your account protected and available laws in Pakistan.

Possibilities of ATM skimming

Figure 2: Process

Here we are going to mention – one by one – what are the possibilities through which ATMs are skimmed.

  • When you insert an ATM card, there attach a card reader in ATM machine that reads the information on that individual credit or debit card. ATM skimmers also attach another reader to scan your ATM card and thus capture internal information.
  • A small camera may be attached with the reader as well by skimmers which copies your passcode.

Through this two-way method, they copy information, identity and pin number of your card and draw all amount from your bank account.

This is one method of ATM skimming. Now I am going to share another method which is a most conventional & traditional way and I’ve personally been a victim of it. Let’s talk about this one.

  • Once I inserted my ATM card in an out of service machine which got stuck inside it. There was a person standing outside and waiting for me to come out. He then asked me to enter the code saying that, “Through this way machine will push your card out” and by doing so, he memorized my pin code. Later, he told me to come tomorrow to take your card back as my card was already got stuck before yours. Meanwhile, my card came out and he quickly re-inserted the card, entered the pin code and drew the amount.
  • Another thing is social engineering which is very dangerous. In this method, a person takes someone’s card and start guessing his code number. He thinks of the pin code by the owner’s date of birth. For instance, the owner’s birthday is April 4, 1986, so he may have 4486 as his code number. Then through social engineering or social hacking – which is very tricky – the person can withdraw balance from that account.

Tip: Being an IT expert, I must suggest you to not do anything to a system when it gets hang. Simply leave it. It may has many instructions in its system which is delaying the process which the system will proceed one after another in its instruction queue system. So be patient.

How to refrain from ATM skimming?

cyber harassment, online harassment, data breach, online fraud
Figure 3: Refrain from ATM skimming

This is the important part which most of the readers want to get know. The basic things are:

  1. First of all, whenever you go to the ATM machine, you need to check the surface of the keypad by pressing it to make sure that it is not shaking and another keypad is not adjusted on it. This simply points out the skimmer technique of placing their keypad over a machine to capture your pin. They may have placed another cap with a laser or any other thing which is suspicious.

You surely need to check all these things in ATM before withdrawing. If you see a tiny camera associated with a pad then definitely neither insert your card nor enter your code. Just inform the concerned bank.

2. Never ask for help if you don’t know how to use ATM. Just get a credible person to teach you.
3. Never share your ATM card and pin code with anyone.
4. Just lock your door whenever you go to ATM.

By doing so, you can refrain from ATM skimmers and protect your account.

Other tricks

cyber harassment, online harassment, data breach, online fraud
Figure 4: Other tricks

Now talking about a crime which is committing in Pakistan but people do not take seriously to report it.
You have used your card in Point of Sale System (POS) like KFC, McDonald’s or alike where you can use your visa card. The standard procedure is, you give your card to them who scratch it, deduct amount and take your signature. Nothing else. But in some cases, people don’t understand protocols, don’t consider these standards serious and don’t know how to use POS or visa card. In this case, they ask for the pin as the card is not usable without it. Some people give their pin to them and thus they can be exploited this way. This is strictly not included in standard operating procedures to share your pin with anyone in any situation.

Next important thing is to have a copy of your signed receipt whenever you use your visa card. So, if you get to know that your amount is getting extracted then you can ultimately pursue to that person or shop and enquire about compromising of your account. Hence, you need to let them know, what you are going to do.

If your account is skimmed!

cyber harassment, online harassment, data breach, online fraud
Figure 5: Bluff

If you get to know about skimming your account, you first need to ask your banking service to block your card. Then, you will know about the skimming information, from where your account is skimmed, total amount and all whereabouts so that you can register a case. Usually, people do not pursue because of less amount but in my point of view, you need to pursue the matter – in either way – to set an example to beware people.

You need to on SMS notification of your banking service. Don’t put off that SMS notification so that you get notified if any transaction that you didn’t make. In this way, you can minimize more exploitation of your account.

Punishment of ATM skimming

Pakistan Cyber Crime Act gives you protection in this regard as there are provisions on online fraud. There is 4 to 6 years imprisonment in case of online fraud or ATM skimming in Pakistan. As this does not include only one crime but

1. Compromising an ATM machine of an organization
2. Stealing someone’s information (Privacy issue)
3. Crime is committed by stolen information
4. Ultimately it is a crime

All these steps comprise ATM skimming and thus average 5 years imprisonment is subject to online fraud depending on the sensitivity of crime which may lead to beyond 5 years along with PKR 2 to 3 million fine. Besides this, the culprit also needs to pay back the stolen amount to the owner.

Procedure for reporting a case

cyber harassment, online harassment, data breach, online fraud
Figure 7: Filing a case

The procedure of reporting ATM skimming case is not hectic but needs your intense interest. First, you need to get the information from the respective bank. Submit a copy of that information, a copy of your CNIC and a written complaint to FIA Cyber Crime office in person. Your proofs should include your income statement, all transactions and places of transactions. It would be good if – somehow – you get the CCTV footage from your bank at the time of the transaction to strengthen your complaint. Recently, cybercrime team Rawalpindi has arrested a gang involved in ATM skimming.

Final words!

I have always said that there is no shortcut way to get justice. In one way or another, you have to pursue the matter. If you get threaten by any digital mean then FIA’s cyber crime wing is the relevant authority you should report to. They forward the case of those only, who insisted to proceed further. This article is purely written for the informative purpose. If you have faced such a situation then do let us know so that we may get to know what we should do if this ever happened.
Make sure to spread the information and get in touch for more information.

About the author

Zeeshan Riaz

Mr. CH. Zeeshan Riaz is the founder of The CyberForm. Prior to starting the firm, he was working as IT Operations Director at a Multinational Company. He has been working in the IT sector Since 2010.

Add Comment

Click here to post a comment