This is on the front page of the Sunday New York Times.  ATM fraud has
become so serious that the feds are on active prowl for these criminals.
The article below contains an account of police cell phones ringing from
technicians at ATM operations centers seconds following transaction
completion, tires screeching, Secret Service agents rushing in cars to
ATM locations through busy Manhattan streets, agents jumping out of cars
and bursting into empty bank lobbies to locate fraudsters using the ATM's
there, and federal agents galloping down the street in hot pursuit of a
criminal on foot, rustling him to the ground and later squeezing  the guy
for information that leads to a global ATM fraud ring that spans three
continents with operations in New York and California.

This seems like the professional version of the Croatian street gang.

I share this here so list members can advise their local groups about the
possibility of ATM fraud as more blind people use talking ATM's.  Sadly,
it is no longer a theoretical possibility.  It's the latest form of
crime.

Kelly

    The New York Times

    August 3, 2003

    Criminals Focus on Weak Link in Banking: A.T.M. Network

By WALT BOGDANICH

    He fenced stolen jewels, committed bank and credit-card fraud and
had been accused of having links to an Albanian-Yugoslavian criminal
gang. Cloaking himself in nine aliases and Armani jackets, he was a
smooth, multilingual master of the con, investigators and people who
knew him say.

    His name is Iljmija Frljuckic, and by all accounts, he had no
business being around anybody else's money.

    Yet after being deported in the late 1990's, he slipped back into
the United States and set up shop as a banker, not in a marble lobby
under the watchful eyes of auditors and regulators, but in the virtually
unregulated world of privately owned automated teller machines.

    To tap into this electronic network, Mr. Frljuckic (pronounced
Furl-YOU-kich) did not have to produce so much as a valid driver's
license. After buying these machines - the kind commonly found in
convenience stores, delicatessens and other retail outlets - he and his
associates installed devices that captured, or "skimmed," personal bank
account information from at least 21,000 people, prosecutors say. They
used that information in 2001 and early 2002 to make fake A.T.M. cards,
then stole at least $3.5 million, mostly from A.T.M.'s in New York City,
according to the latest federal charges filed about two months ago in
Manhattan.

    Before Mr. Frljuckic came along, small-time crooks had made crude
forays into A.T.M. fraud. But in its size and technical sophistication,
investigators say, the Frljuckic case is a con of an entirely different
order - a new turn on identity theft, a jolting warning of the
vulnerability of an A.T.M. system that has exploded in size in the last
few years.

    No one can say precisely how much is lost through A.T.M.-related
crimes. In fact, no government agency knows how many cash machines are
operating, where they all are or who owns them. Though banks are
reluctant to discuss their losses, they say there is no cause for alarm.
But from Canada to Malaysia to the United Arab Emirates, investigators
report new assaults on A.T.M.'s.

    The criminals, both foreign and homegrown, include gangs, embezzlers
and, on occasion, money launderers, according to investigators and
public records. And while A.T.M. industry officials say the Frljuckic
case shocked them into tougher self-policing of privately owned
machines, they also confess that the thieves are remarkably resourceful,
shifting their attention now to bank-owned machines. In recent months,
skimming devices have been attached to bank machines around Boston and
Chicago.

    "A.T.M.'s have been viewed as a weak point in the banking chain -
and so the criminals have focused on that," said Tom Harper, president
of the A.T.M. Industry Association, the leading trade group.

    The global wiring of banks to A.T.M.'s means consumers can gain
instant access to their money around the world. But with the government
monitoring only part of this electronic network, a thief using cheap
equipment and a little imagination can steal someone's banking identity
in Manhattan and within hours withdraw money from that person's account
at a cash machine in Europe.

    A.T.M. crime may also be a national security issue. Federal
officials are investigating incidents in which suspected terrorists may
have used the machines to fraudulently generate income, says Dennis
Lormel, chief of the terrorist financing operations section of the
Federal Bureau of Investigation.

    Banks are supposed to reimburse victims of A.T.M. theft. But unlike
credit card fraud, in which banks are stuck with bills for unauthorized
purchases, A.T.M. thefts take cash from consumers, who may bear the
burden of proving that withdrawals were unauthorized.

    Kelly Quick of Studio City, Calif., said that when he reported
$1,420 missing from his account early this year, his bank did not
believe him. "They basically said that since I didn't give out my PIN
number, it had to have been me," Mr. Quick said. Similarly, Mark Evans
of Los Angeles said his bank was "basically accusing me of stealing the
money." Both men say getting their money back involved a fight.

    Complaints like these prompted the comptroller of the currency in
September 2001 to warn banks of their obligation to make A.T.M. victims
whole.

    "Unfortunately there are people who say they have been defrauded
when they have not," said John Hall, a spokesman for the American
Bankers Association. As banks learn more about A.T.M. fraud, he said,
they are getting better at helping customers.

    A.T.M.'s have been around for decades, but became ubiquitous on the
American landscape in 1996, when new surcharges on withdrawals made it
possible for private entrepreneurs to profit by owning machines. Since
then, the number of machines, which cost as little as $3,000, has
tripled, to an estimated 370,000, fueling the growth of companies that
sell and service them.

    This growth, in turn, has spawned criminal activity that goes beyond
just the skimming of bank account numbers. Embezzlements in recent years
have involved companies that supply cash to the expanded A.T.M. market,
including a New Jersey company, Tri-State Armored Services, where $50
million turned up missing. By contrast, the biggest bank robbery in the
last 25 years, according to federal statistics, involved $11 million.

    Banks call credit-card and check fraud a much bigger problem.
Besides, they say, rare cases of A.T.M. fraud are a small price to pay
for convenient cash. But banks are not eager to publicize breaches of
A.T.M. security.

    "They don't want to give people ideas," said Nessa Feddis, a lawyer
with the American Bankers Association.

    Another reason, some financial experts say, is that banks do not
want to undermine confidence in a system that cuts their overhead while
making them billions in fees, collected when their customers use private
A.T.M.'s or machines owned by other banks. Several large banks also own
parts of a network that connects the machines and financial
institutions.

    "These fees are cash cows for the banks," said Edmund Mierzwinski,
of the U.S. Public Interest Research Group in Washington.

    A former president of a Federal Reserve bank said: "You write your
story and they will hate it because it will say, `Be careful where you
stick your card.' "

    4,000 Accounts Vulnerable

    The nation's biggest A.T.M. fraud began in late 2000 with trial runs
in California, Florida and New York. At 13 sites, thieves started
installing machines rigged internally to capture bank data and personal
identification numbers.

    They were in no hurry; the longer they waited, the more account
numbers they could steal. In four months, with just the dozen or so
machines, they had the electronic keys to 4,000 accounts, fraud
investigators say.

    Only when the gang began siphoning money did banks and customers
realize they had been scammed. By the time the rigged machines had been
identified, they had vanished, along with their owners and tens of
thousands of dollars.

    By the end of June 2001, banks had identified the compromised cards
and electronically blocked them.

    "They covered their tracks throughout the process," said Michael
Urban, who works for a division of Fair Isaac, a company that helps
financial institutions detect electronic fraud. "We didn't know anything
other than they had good PIN's, good cards."

    Investigators say the machines were bought in the names Michael
Dokovich and Michael Bugatti, who turned out to be the same man: Iljmija
Frljuckic.

    He is believed to have first entered the country in 1981. By the
early 1990's, federal authorities had linked him to "an
Albanian/Yugoslavian organized crime gang." The government wrote in
court papers that the group "is believed responsible for a host of
serious crimes, including arson, insurance fraud, bank fraud,
large-scale mail theft, drug trafficking and sophisticated jewelry
heists."

    Mr. Frljuckic married the daughter of a Florida law enforcement
official in January 1994, telling her that he was Michael Illyriani, an
international businessman, court records show. He did not say he was
facing federal bank fraud charges, filed in 1992, and was out of jail
only because, hoping for a plea bargain, he had agreed to inform against
the Albanian gang.

    Actually, officials say, he was conning the government, too. While
he helped on a few minor investigations, prosecutors say he provided
"absolutely no assistance" in exposing the gang. Then, before the first
case was settled, he was arrested in a new bank fraud.

    After his release from federal prison in June 1996, a judge ordered
him deported to Yugoslavia. But he soon returned to the United States,
and by then the A.T.M. system had opened its doors to private
entrepreneurs.

    Surcharges Fuel Industry

    The system that beckoned Mr. Frljuckic runs on the ever-accruing
stream of money from the surcharges first widely permitted in 1996.
Today, many customers pay twice - usually $1 to $3 to the owner of the
machine, and $1 to $1.50 to the bank that issued the card. A.T.M. fees
now add up to $4.5 billion annually, according to Dove Consulting, a
Boston-based firm.

    An A.T.M. entrepreneur needs a machine and cash, which can be
borrowed, to stock it, and a bank account, so that when a cardholder
withdraws money, the cardholder's bank has some place to send the
reimbursement. What the owner does not need is a license or government
approval.

    New owners are supposed to be evaluated by what are known as
independent service organizations, or I.S.O.'s, which connect privately
owned machines to the network. Each I.S.O., in turn, must be sponsored
by a bank.

    But the I.S.O.'s and banks have a spotty record of oversight,
according to some in the A.T.M. industry. Fraud investigators, for
example, have sometimes had trouble establishing the owners and
locations of specific A.T.M.'s.

    "It's harder to switch a registration on your car than to move
around an A.T.M.," said Gregg James, a Secret Service agent who
investigates financial crime.

    The system, if not properly supervised, can be used to launder
money. An owner can stock a machine with the proceeds from crime and
then, after withdrawals, be reimbursed from customers' banks with
"clean" currency.

    The American Bankers Association says its members do not see money
laundering as a problem. "That's not something that's come to my
attention," said John Byrne, a lawyer with the association.

    It has, however, caught the attention of the Secret Service and
other federal officials. In 2000, an Indiana man pleaded guilty to
laundering money through his machines. Another A.T.M. money-laundering
case is awaiting trial in California.

    "When I found out what he was doing I thought, `Ah, the perfect
scheme,' " said Donna Eide, the prosecutor in the Indiana case. "It's a
perfect way to get cash back into the system without reports being
filed."

    Small Store Owners Used

    Nasser Alomari is typical of the small New York store owners who
became unwitting accomplices in Mr. Frljuckic's widening fraud,
investigators say.

    Mr. Alomari, a Yemeni immigrant, had originally owned his own A.T.M.
in his delicatessen, now the 10th Avenue Gourmet, in Manhattan. A
private company serviced the machine, paying him $1 for each withdrawal.
In a good month, that meant $600. And until one day in January 2002,
that seemed enough. Then a stranger wearing a gold Rolex with diamond
insets offered him a better return - $1.75.

    He said the man insisted on installing his own A.T.M. Investigators
say it had been fitted with a skimming device.

    Federal records show that the man Mr. Alomari dealt with used an
alias, as he had in buying 21 other machines. Investigators say he was
Hamdija Frljuckic, brother of Iljmija. Hamdija Frljuckic began buying
machines in August 2001 from a New Jersey independent service
organization called Money Marketing.

    "They knew the deep ins and outs of this business," a company
spokesman, Eric Park, said. Money Marketing's vetting process conformed
to the industry standard back then, he added, and included a review of a
buyer's business records and driver's license. "I've never had a fake
driver's license," he said. "How can you ever tell?"

    Money Marketing says A.T.M. buyers now undergo criminal background
checks and must produce, among other things, tax returns.

    By early November 2001, investigators say, the thieves had collected
account information from about 17,000 New Yorkers. The trap was set.

    Similar Fraud Patterns

    The first sign that something had gone seriously wrong came over
that Veterans Day weekend.

    Just as bank customers began to miss money in their accounts,
unusual withdrawal patterns were being detected by computer analysts in
the Arlington, Va., office of Fair Isaac. The analysts noticed something
else: The patterns echoed those observed that year in California and
Florida.

    "Our investigators were 90 percent sure it was the same guys," said
Mr. Urban of Fair Isaac. Investigators had another tactical advantage:
With the highest daily withdrawal limit usually around $1,000, the
thieves had to spend a lot of time feeding fake cards into machines. And
during that time they were vulnerable.

    Once Fair Isaac had identified compromised cards, their numbers were
sent to NYCE, a company that connects A.T.M.'s and banks. Then, when a
suspect card was used again, NYCE, using a software program called
Rooster, pinpointed the location and contacted the Secret Service within
seconds.

    In New York's congested streets, though, getting there in time was a
problem. "We had agents getting out of cars, running up the street,"
said Mr. James, the Secret Service agent.

    In an escalating game of cat and mouse, the thieves began making
withdrawals during lunch hour, when sidewalk and street congestion was
at its worst. And they stopped feeding large numbers of cards into a
single machine, instead slipping from one location to another.

    "They would go in, hit an A.T.M., get on a subway, then go to the
next A.T.M.," said Susan Zawodniak, executive director of the NYCE
network.

    To improve their odds, agents began staking out the sites of
suspicious withdrawals. For five days, nothing. Then, on the evening of
Nov. 15, Citibank told an agent, "approximately $7,000 had just been
withdrawn from different accounts in rapid and successive transactions
from the same A.T.M.," according to a Secret Service affidavit.

    The agent rushed to the bank, where he found two other agents on
stakeout. After a brief chase, they arrested a man seen leaving the
bank. He was Fikret Korac, whom a federal prosecutor called "a criminal
for most of his adult life." In his possession, agents said, they found
11 white plastic cards with magnetic strips and about $30,000.

    Investigators viewed Mr. Korac as a low-level "runner." But after
his arrest, prosecutors say, he called Hamdija Frljuckic, who quickly
tried to withdraw $150,000 in cash from an account in a false name at J.
P. Morgan Chase. But when he asked for the money in $100 bills, a
suspicious bank officer refused, according to the Secret Service.

    Within weeks, Hamdija Frljuckic was arrested - after visiting the
machine at Nasser Alomari's store.

    He is awaiting trial on charges relating to the A.T.M. thefts. But
Iljmija Frljuckic remains at large.

    "The main older brother flees with several million in a suitcase,"
an investigator said. "We have intelligence that he put A.T.M.'s in
other places in the world."

    Reached overseas by telephone, Mr. Frljuckic told The New York Times
that he was willing to be interviewed where he was living, in
Montenegro. But after several conversations to arrange the interview, he
stopped returning calls.

    In all, investigators say, the thieves withdrew money from 500
machines around New York City. The hardest-hit bank was Citibank, which
lost about $1 million, said people close to the investigation.

    Banks are reluctant to discuss the case. "Our hard and fast policy
is we just don't discuss these sorts of things," a Citibank spokeswoman
said.

    At the state banking department, a spokeswoman, Bethany Blankley,
said she knew little about the case because the compromised machines
were not the agency's responsibility.

    "We regulate the safety of the A.T.M. machines only for banks," she
said, "not for supermarkets or little stands where you get cigarettes."

    Industry Looks Inward

    Last March, the A.T.M. industry gathered in Miami to meet with fraud
investigators for some self-examination. The New York case was not the
only one on their minds.

    In late 2002, four Russians were arrested on charges of looting
A.T.M.'s in Canada. Cardholders found their money disappearing in
European cities they had not visited, including Paris, Amsterdam and
Milan, according to a report filed by bank investigators.

    The Canadian fraud seemed to replicate what prosecutors accuse Mr.
Frljuckic of having done.

    "The thing we found troubling," said H. Kurt Helwig, who runs the
Electronic Funds Transfer Association, was that "this was organized
crime."

    An industry task force - including machine manufacturers, electronic
networks and private machine owners - is fighting fraud through, among
other things, better background checks and machines less prone to
tampering. The hope is that these efforts will keep the government from
stepping in. "It's a marketplace issue," Mr. Helwig said.

    Because of their efforts, task force members say, skimming from
private machines is not the danger it used to be. But concerns remain.

    In March, Fair Isaac sent an "urgent notice" of thefts from A.T.M.'s
in San Francisco and the Los Angeles area. Investigators say they
believe those card numbers were stolen through skimming devices in
privately owned machines.

    But now more A.T.M. fraud seems to be occurring at bank-owned
machines, industry officials say. They are refocusing their attention.

    "It's almost as if the criminals were listening and watching," said
Ms. Zawodniak of NYCE. "We build a 10-foot wall, and they build an
11-foot ladder."


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html