RBI's repeated warnings about the outdated software that runs almost all the ATMs in India didn't really awaken the banks from their slumber. But it obviously opened a new corridor of opportunities for the skimmers who are on the prowl. The great Kolkata bank fraud has raised multiple questions on the security firewall the banks use to protect the customer's money from these fraudsters. The skimmers duped more than 75 customers by targeting a single ATM located in a posh locality of Kolkata.
The initial investigation revealed that the crime was committed by cloning the ATM cards and, as per reports, more than 20 lakhs were siphoned off from the ATM. Kolkata Police immediately formed a SIT team to investigate probably the biggest ATM scams that the nation has witnessed in the recent past.
In an official statement the Jt. Commissioner of Crime, Praveen Tripathi, said, "In the last two days we have received 76 complaints from bank customers that cash has been withdrawn from their accounts by fraudulent means. The two unguarded ATMs belong to Canara Bank (Garihat branch) and Punjab National Bank (Mallick Bazar branch). The miscreants have siphoned off ₹18 to ₹20 lakh by cloning the cards of the customers with skimming devices planted at the ATMs."
The SIT team will be spearheaded by the Deputy Commissioner (Cyber Crime) Santosh Pandey. The victims will get back their amount from the bank within the next seven days informed the Jt. Commissioner of Crime, Kolkata Police.
A senior official of the Canara bank of Gariahat branch assured, "We will refund the money to the affected customers upon submission of application and filling up of insurance form. The refunding will be done within a week."
After observing the case closely, some of the experts working in this sector said that the fraudster must have attached a skimmer inside the ATM and they have copied the magnetic strip of the customer's debit card. Apart from this, they must have tampered the camera of the ATM to get the PIN numbers of the customers who used it. As per RBI guidelines, "Third-party breach where the deficiency lies neither with the bank nor with the customers but lies elsewhere in the system and the customer notifies the bank within three working days of receiving the communication (SMS or mail) from the bank regarding unauthorized transactions, customers liability will be zero."