ATM Use Fraud
06/08 - (NY) - Citibank officials monitoring their network for fraud on Thursday, May 8, noticed suspicious ATM transactions at 8:30 p.m., coming through the five cash machines in the vestibule of a Citibank branch at 65th Street and Madison Avenue in New York City's Upper East Side.
As luck would have it, a bank employee -- probably a corporate security official -- was already staking out the branch from across the street.
Three months had passed since Citibank notified the FBI that a hacker managed to steal customer-account numbers and PIN codes, in an attack on a server that processes transactions from Citi-branded ATMs at 7-Eleven convenience stores. In late February and early March, the FBI and the U.S. Secret Service arrested two Ukrainian immigrants and two alleged co-conspirators for allegedly using the stolen PINs to steal $2 million in cash from unsuspecting Citibank customers.
But the arrests didn't stop the fraud, which sprang from perhaps the most serious computer intrusion into a bank system to date. The FBI has recently made at least six more arrests in New York -- bringing the total to 10 -- thanks to information from arrested scam suspects, a lucky traffic stop, and an undercover operation that at one point had Eastern European hackers chasing a female FBI agent through the streets of New York, trying to mug her for ATM-card-programming gear.
Six months after the 2007 breach, Wired.com is receiving scattered reports of Citibank customers still suffering mysterious withdrawals from their bank accounts.
The FBI believes the brains behind the operation is a Russian man, who's receiving the lion's share of the profits through international wire transfers and online-payment systems. While Citibank and federal officials are being closed-mouthed about the PIN theft and the ensuing fraud, the Citibank heist provides a rare look at how a single high-value breach reverberates through the international "carding" community of bank-card fraudsters.
What's more, neither Citibank nor the third-party transaction processor involved in the breach has warned consumers to watch for fraudulent withdrawals, raising questions about the disclosure policies in the financial industry. Citibank spokesman Robert Julavits says the bank "has complied with all applicable notification requirements."
At the time of the May 8 transactions, Citibank -- the largest bank in the U.S. by holdings -- had been dealing with a spike in ATM thefts centered on the Upper East Side: Some $180,000 in stolen cash had walked out of ATMs in the upscale neighborhood in the previous three days.
Several of the withdrawals had come through the 65th Street branch, prompting Citibank to put the location under surveillance. When the Citibank official staking out the spot got a call alerting him to a theft in progress, he crossed the street to peer through the vestibule glass, and watched as a man in a baseball cap, jeans and a sports coat put a thick envelope into a briefcase and moved from one ATM to the next.
The official flagged down two nearby NYPD officers who'd already been briefed on the fraud, and the cops arrested 28-year-old Aleksandar Aleksiev. With his consent, they searched his bag and found six ATM-deposit envelopes stuffed with cash, and 12 blank cards with stickers on them and a different PIN code written on each.
The successful stakeout wasn't law enforcement's only lucky break.
In late February, and early March, officials arrested two Brooklyn men and charged them with stealing some $2 million from ATMs from late 2007 until their arrest. When federal agents raided the home of one of the men, 32-year-old Yuriy Ryabinin, they found $800,000 in cash -- of which $690,000 was in garbage bags, shopping bags and boxes stashed in the bedroom closet. His co-defendant, 30-year-old Ivan Biltse, had another $800,000 in cash.
It appears the two may now be helping the FBI. According to court documents in a related case, two fraudsters began cooperating in March, following their arrest for $2 million in ATM fraud. The informants are not identified by name, but the details and the timing suggest it's Ryabinin and Biltse. (Ryabinin's lawyer declined to comment; Biltse's didn't return a phone call).
The informants filled the FBI in on the operation. Beginning in December, 2007, they began working with a mysterious ringleader in Russia, who provided them with ATM account numbers and PINs. The deal was straightforward: They'd use the information to encode fraudulent ATM cards and withdraw cash, sending 70 percent of the take to the Russian and keeping 25 percent for themselves. Another 5 percent went for expenses.
The duo initially used Western Union money transfers to get cash to their boss in Russia, according to an FBI affidavit. Later, they exploited a relationship with 30-year-old Ilya Boruch, an "exchanger" for the site WebMoney, a PayPal-like internet-payment system.
Exchangers are normally legitimate businesspeople who swap cash for WebMoney's internet currency. But according to the feds, Boruch had gone bad and become a money laundering service for the Citibank ATM heists, transferring hundreds of thousands of dollars to the ringleader in Russia, without reporting the transactions to the government, as required by U.S. law.
Through her business, Bidding Expert, Boruch allegedly funneled as much as $80,000 to $100,000 a week on behalf of the two fraudsters, who delivered the cash to Boruch in person, sometimes by tossing envelopes into an open window in her car.
One of the informants, identified as co-conspirator 1, or CC-1, in court documents, held this instant-messenger exchange with Boruch on Jan. 10, according to the FBI. (Punctuation is added).
CC-1: Need more wm [WebMoney] ...
Boroch: How much?
CC-1: 60 [$60,000]
Boroch: Wow. Ok. Listen, is everything ok?
CC-1: So far. Why?
Boroch: Well, you need so much wm! It's just kinda strange
CC-1: We're working
Boroch: Ok. Drop it off all in 100s ...
CC-1: When can the wm be ready?
Boroch: Don't know
Boroch: If you pay an additional 0.5 percent then it'll be ready tomorrow
CC-1: And if not?
Boroch: Then I don't know. I can buy it from my people, but they're expensive
Boruch was charged late last month in New York with conspiracy to launder money.
Another break in the case had its roots in a Jan. 30 traffic stop, which unfolded two days before the FBI was told about the Citibank breach.
Two Westchester County police pulled a car over for speeding on the Saw Mill River Parkway in Dobbs Ferry, New York. The driver, 21-year-old Nue Quni, was driving on a suspended license, so the officers decided to have the vehicle impounded. While they waited for the tow truck, they conducted a routine "inventory search" of the car.
Inside, police found $3,000 in cash, a laptop computer, a mag-stripe writer -- which is used to reprogram cards -- and 102 blank, white plastic cards. They also recovered receipts showing cash withdrawals from ATMs in Manhattan and the Bronx, and more showing wire transfers.
Facing federal access-device-fraud charges, the passenger in the car, 22-year-old Luma Bitti, began cooperating with the FBI. She explained that she was hired over the internet in December to program cards with the stolen information, then withdraw money from ATMs and wire it to other people. With Bitti's consent, an FBI agent took over her IM and e-mail accounts, and began corresponding with the person who hired her.
The FBI arranged in April to meet the man in Manhattan, supposedly to provide him with a mag-stripe writer. An FBI agent, still posing as a fraudster herself, showed up at the meeting with a mag-stripe writer in hand.
But the man, who is not identified in court documents, double-crossed the undercover agent, and sent two proxies in his place: 21-year-old Andrey Baranets and one Aleksandr Desevoh, according to an FBI affidavit. When the agent refused to hand over the mag-stripe writer, Desevoh took a swing at her. She ducked the blow and ran away.
The two men gave chase through the streets of Manhattan, before they were grabbed by other FBI agents who'd been watching the scene. Desevoh "forcibly resisted arrest," according to court records. Both men are now charged with access-device fraud and assaulting an FBI agent.
While the FBI chases, and is chased by, Eastern European cyberthieves in New York, Citibank is issuing new ATM cards to customers they believe were impacted by the hack attack. Meanwhile, there's evidence that the fraud is not confined to the Big Apple. Rahul Kumar, a transportation consultant in San Diego, says someone took $3,000 from three of his Citibank accounts on June 15, while his ATM card was safely in his wallet. "I spent the entire day Tuesday making five or six phone calls," says Kumar. "I spent hours on the phone, calling an attorney, calling the police."
Citibank emphasizes that customers aren't responsible for fraudulent withdrawals. But the bank won't say how many consumers had their information stolen in the attack. Court documents suggest the breach is limited to those who made withdrawals during the period that the server was actively compromised. But the bank won't reveal what that period was.
Also unclear is who was responsible for the server that was attacked, and why PIN codes, which are supposed to be transmitted only in encrypted form, were vulnerable. An FBI affidavit in the case blames a Citibank-owned server responsible for processing transactions from 7-Eleven convenience stores. But Citibank blames an unnamed "third party" transaction processing firm.
While all 5,500 7-Eleven ATMs are branded with Citibank's logo -- and are free to Citibank customers -- those machines were purchased in July of last year by a Houston-based company called Cardtronics, the largest nonbank operator of cash machines in the United States.
According to Cardtronics' last annual report, it launched its own in-house transaction-processing operation in Frisco, Texas, in late 2006, and had switched over some 13,000 ATMs to the system by the end of last year. But on 3,500 of those 7-Eleven machines, ATM transactions are still processed by another company, called Fiserv.
A Fiserv spokeswoman says the company's servers were not the source of the breach. "The original intrusion occurred on servers that were neither owned nor operated by Fiserv," writes Melanie Tolley, vice president of communications, in an e-mail. "As a result of the intrusion, legitimate parties' information was captured through the use of malicious software, and that information was subsequently used to commit the crimes for which persons have now been indicted."
Tolley adds that Fiserv was questioned about the breach, and is cooperating fully. "We cannot speak for other parties involved in this incident, but we believe this matter was investigated and resolved in a timely fashion," she writes.
If Fiserv is innocent, that seems to leave Cardtronics holding the bag. The remaining 2,000 of the 7-Eleven ATMs not served by Fiserv are advanced models called Vcom machines, manufactured by NCR. According to Cardtronics' filings with the Securities and Exchange Commission, transactions on those machines were still being processed by 7-Eleven's own in-house transaction processing system, until Cardtronics migrated them to its system last February. 7-Eleven did not immediately return a phone call Tuesday. Cardtronics has failed to return repeated phone calls about the breach.
11/08 - (Australia) - A MAN charged with stealing more than $30,000 by posing as a delivery man bearing wine and flowers was refused bail in court yesterday.
David John Hennessey, 50, was stopped by police on the F3 freeway at Wahroonga, in northern Sydney, on Friday. He was arrested after a police search of his car allegedly found a number of card skimming devices.
Police allege that Hennessey had defrauded 10 residents of the Eastwood-Gladesville and Ku-ring-gai areas of $32,000 by posing as a delivery man bearing wine and flowers.
Before the victims received the package they were told they needed to swipe their credit cards to pay a delivery fee of $3.50. Police allege that in all cases those involved swiped their credit card into a hand-held machine and were given a receipt for their payment.
In each case no card was ever received indicating who the parcel was from, police said.
Police allege Hennessey used details gathered from a scanning device to access the accounts of 10 victims and make unauthorised withdrawals totalling between $2000 and $15,000.
Hennessey was charged with 10 counts of obtaining benefit by deception and one count of having stolen goods in his possession.
He was refused bail in Parramatta Bail Court yesterday and will face Hornsby Local Court on Thursday.
(Sydney Morning Herald)
ATM Protection Advice for Debit Card Scam
11/08 - Bank card users should be cautious when using ATMs this holiday season.
The Cobb County Sheriff’s Office fraud department is investigating an ATM scam that netted two suspects $30,000.
Nikolov Nikoliy, 23, and Yordan Kavalov, 29, were arrested Nov. 6 at a Powers Ferry Road ATM location after using “skimmers” to tap into several bank card customer accounts, said Lt. Mike Reece, head of the fraud unit.
They are being held without bond.
A skimmer is a small electronic component that can be placed over the slot where customers insert their ATM card. It reads the magnetic strip on the bank card, which can be transferred to any gift card. A small camera is placed on the ATM to record the customer’s PIN number.
After transferring the information from the skimmer to a gift card, it can be used to withdraw money directly from a customer’s bank account.
Reece said gift cards work perfectly because they are small and the magnetic strip is in the right location.
Bank card customers can immediately tell if their card has passed through a skimmer if it is harder to insert or retrieve from an automated teller machine, said Detective Ron Cook, a Cobb County fraud investigator.
“These skimmers are getting smaller and harder to detect,” Reece said. “They usually put them on the ATM machines after banking hours.”
The Cobb County Police Department’s violent street-crime unit arrested Nikoliy and Kavalov after a tip from a late-night ATM user. The men listed Chicago and Florida addresses.
Police say the suspects parked their car several feet away and walked to the Bank of America machines at 2000 Powers Ferry Road. They used the machines several times, according to Reece.
When confronted, they had $11,000 in cash and 65 gift cards in their car, according to the arrest warrant.
Reece wasn’t sure whether the gift cards were stolen or purchased.
After obtaining a search warrant for the suspects’ hotel room, detectives found $20,000 in cash, two laptop computers and magnetic card readers and writers.
“Customers should pay attention to the machines,” Reece said.
(The Atlanta Journal-Constitution)
07/08 - Some parents give their baby a rattle or a cuddly toy to play with.
Fraudster Adu Bunu presented his nine-month-old son with a mountain of stolen banknotes.
Bunu, who is believed to have made more than £1million by cloning cashpoint cards, surrounded the child with £20, £10 and Euro notes. He then photographed the scene and sent the pictures home to Romania to show how easy it is in England to be literally rolling in cash.
Champagne-swilling Bunu, 34, was so brazen that even when caught he denied the snaps were evidence of guilt, insisting the money had been given to his son on his christening.
His claims were dismissed by a jury at Hull Crown Court, and last night he was beginning a five-year jail term after being convicted of cloning more than 2,000 cashpoint cards and milking his victims' accounts.
Official figures suggest that Romanians are responsible for the vast majority of offences such as this, and it is thought that Bunu is part of a gang. As the Government threw British borders open to all Romanians last year, the number of similar crimes is only likely to grow.
Bunu is believed to have initially come to England illegally in 2005 - his fingerprints were found on cashpoint machines used for huge frauds in the South in 2006.
At some point he slipped back home so, at the beginning of 2007 as Romania joined the European Union, he could return legally with a glamorous wife and newborn son
He described himself as a painter and decorator, and claimed to be seeking labouring work.
He moved into a rented three-bed semi in Wakefield, West Yorkshire, and immediately launched into crime with his Romanian accomplice Florin Palade, 33.
Noting a lack of CCTV cameras, they targeted cashpoint machines at two East Yorkshire supermarkets, Morrisons in Beverley, and Waitrose in Willerby.
They made false cashpoint fronts fitted with a card reader and pin-hole camera to record account details and PINs without raising suspicion. The devices could be fitted and removed in seconds.
In just four months, the pair collected details from more than 2,000 victims and cloned them on to loyalty cards, writing the PINs on the signature strips.They then travelled the country, covering up to 830 miles a day, to collect up to £500 a time with each card using different cashpoints to avoid detection.
In court it could be proved only that £43,000 was stolen, but the jury was told the fraud could have netted up to £1.1million within a matter of weeks. Neighbours said Bunu always dressed in designer suits, sometimes had two new BMWs, and that his back garden was littered with champagne bottles.
He was caught by chance after he was cautioned for speeding on the M62 last year, and gave police a fake driving licence.
Detectives investigating fraud at the Beverley supermarket had meanwhile installed hidden cameras - and recognised Bunu when shown a picture of him taken by the traffic police. They began tailing him.
On a single day last November he and Palade travelled 323 miles, taking cash from machines in Warrington, Lichfield and Hereford.
In the following days they took out more cash in Wakefield, Batley, Halifax and Dewsbury, usually from supermarkets without CCTV.
It was at this time that Bunu photographed his son on his blanket of cash.
Prosecutor Paul Reid told the jury: 'The pictures speak for themselves. It may give you some flavour of the way Mr Bunu felt about his endeavours. You can afford to be relaxed with cash when it is not your money.'
When police finally raided Bunu's home in January, they found evidence of thousands of pounds being transferred to Romania, and almost £4,000 in cash. His new BMW was parked outside.
Officers then raided his accomplice's flat nearby, and found the pair's workshop. There was a laptop containing details of 1,172 victims, eight false cashpoint fronts, and £2,000 in cash.
Palade has not been caught and, asked by police if he had partners in crime, Bunu said: 'No. What crime?'
Eventually he admitted theft but denied conspiracy, claiming he had taken money from cashpoints but had not masterminded the operation. His claims were rejected.
Judge John Swanson told him: 'You set yourself up to deprive the banks of as much money as you could. In this case some 2,008 bank accounts were cloned in a well-established conspiracy. It is the public who have to pay in the end.'
Hampshire and Sussex police still want to speak to Bunu about his fingerprints appearing inside three false cash machine fronts used in frauds in spring and summer 2006.
Charges over $800,000 ATM Transaction Scam
09/05 - (Australia) - ANZ Bank customers have been robbed of $800,000 by an international gang using skimming machines to copy card details at the bank's ATMs in Sydney, a court was told today.
It is unknown how much more has been stolen from other banks' ATMs in the alleged scam, which has been operating since August.
Police have urged the public to carefully inspect ATMs for bogus equipment.
Officers said today hundreds of bank accounts had been skimmed by the four members of the gang who were foreign nationals linked to Canada and Bulgaria.
Canadian nationals Christo Sotirov, 45, and Assen Dotchev, 22, appeared in Manly Local Court in Sydney today charged with making or possessing implements to make false instruments.
Police told the court during Mr Dotchev's appearance that he, Mr Sotirov, Svilen Marinov, 27, and Gueorgui Dinkov, 24, lived in a unit at Dee Why on Sydney's northern beaches.
They skimmed the cards from information gained at ATMs then sent the money to accounts in Canada and Bulgaria.
"The group the accused is a part of are known to have obtained $800,000 from ANZ Bank accounts alone," a police statement tendered to Manly Local Court said.
"The total from other banks is unknown."
Mr Sotirov and Mr Dotchev were granted conditional bail and ordered to reappear in North Sydney Local Court on November 1.
Mr Marinov was charged with three counts of making or possessing implements to make false instruments, one count of having suspected stolen goods in custody and one count of larceny.
Mr Dinkov faced two counts of making or possessing implements to make false instruments and one of having suspected stolen goods in custody.
Mr Marinov and Mr Dinkov were refused bail in Burwood Local Court and ordered to reappear in the same court on October 24.
ANZ Bank has confirmed substantial losses through an ATM scam, but has not elaborated.
Fraud squad Detective Inspector Mark Rudolph, speaking outside court, said cameras had been used to capture cardholders' PIN numbers as they were entered into ATMs, while another device over the card slot read details on the cards' magnetic strips.
Bank details from the strips were copied onto blank cards which were then used with the PIN numbers to withdraw money, Insp Rudolph said.
The cameras and magnetic strip readers were stuck to the ATMs and looked like original parts.
Police had seized 10 such devices from ATMs across Sydney in the past two months, Insp Rudolph said.
Police from Strikeforce Craddock, formed a week ago to tackle the fraud, arrested the four yesterday in raids on the Dee Why unit and at a house at Summer Hill in Sydney's inner-west,
Insp Rudolph said more than $100,000 cash was seized at the Dee Why home, along with property police will allege was used in the ATM scams.
Meanwhile, Insp Rudolph encouraged people to closely inspect ATMs for bogus equipment.
"If there's anything that causes you concern, grab hold of it," he said.
"If it's moveable, if it pulls off, of course it shouldn't be there and raise it with the police and the bank immediately."
ATM Stolen ID Fraud
11/02 - (Australia) - FRAUDSTERS have robbed at least 100 NSW EFTPOS cardholders of more than $300,000 over the weekend in the first ATM fraud of its kind in Australia.
And the figure could rise to several hundreds of thousands more as victims – who all used the same ATM machine in King St, Newtown – discover money has been stolen from their accounts.
Customers from all major banks connected to the ATM could be affected, and the banks are holding an emergency meeting with police today.
An Asian organised crime syndicate is suspected of being responsible for the scam, in which a removable "skimming device" was attached over the slot where customers entered their EFTPOS cards.
The device, which has not been recovered, is believed to have resembled part of the machine.
Police believe the device was attached to the St George ATM on Friday, Saturday and Sunday before being removed.
The device "skimmed" or recorded the victims' account details on the magnetically-encoded strip.
The criminals then used another machine to encode the already-skimmed information on to parking tickets from both Australia and Malaysia.
With superglue, they stuck these cardboard tickets to the back of a metallic plate the size of a regular EFTPOS card.
Using a hidden camera or by "shoulder surfing" – watching customers enter their PIN – they have obtained the victims' PIN numbers. They then wrote the numbers on a sticker, and attached them to the corresponding bodgie cards.
From there, the criminals went on a spree of cash withdrawals throughout the city, withdrawing up to $6000 from each of the victims' accounts.
They had used ATMs in the city, inner west, north shore and eastern suburbs to withdraw money.
Yesterday at the casino police discovered a car believed to be linked to the scam, as inside it were all the ingredients used to create the bodgie cards.
Strike Force Venlo commander, Detective Inspector Michael Gerondis, confirmed police had recovered at least 70 of the cards used in the scam after some were captured by banks' ATMs.
It was the first scam in NSW and possibly Australia in which a skimmer was attached to a bank's ATM.
"It is the most sophisticated skimming we've seen in Australia yet," he said.
Police have not ruled out the fraudsters may have used the device earlier to "test" its success.
One woman had $390 stolen from her St George MasterCard after she used the same ATM.
The thieves withdrew two lots of $100 and a further $190.
The woman, from Newtown, said she realised something was wrong when she tried to buy a pair of shoes with her ATM card but the transaction was declined.
"I then rang St George and they told me other people also had money taken from their accounts," she said.
A St George spokesman said the bank was aware of at least 100 similar incidents.
"There was an issue of fraud over the weekend and it is being fully investigated," the spokesman said.
He added that all customers would be fully reimbursed.
An Australian Bankers Association spokesman said genuine fraud victims, who had not enabled the fraud by giving out their PIN, were entitled to a full refund by their bank. However, it could take a maximum of 45 days to investigate a complicated fraud.
HOW THE FRAUD WORKED
- A skimming device is attached over the mouth of the ATM, so it resembles part of the machine.
- The machine records the account details encoded on the card's strip as it passes through, and stores the information.
- The fraudsters use a reverse skimming device to encode the information on the magnetic strips of parking tickets.
- They also obtain the PINs by observation
- They withdraw cash from the accounts at an ATM
- The victim realises when they try to make a withdrawal and the money is gone from their account
- Victims who used the ATM are advised to check with their bank immediately to determine if money has been illegally accessed.
- Report it to the bank and they will refer it to police.
(word document with photos)
The following photographs clearly illustrate the resourcefulness, sophistication and technical expertise possesed by today’s high-tech scam artists. Special thanks to Police Chief Enrico L. D'Alessandro, NYS University Police, Morrisville State College, Morrisville, NY, for sharing these extraordinary photos.
The photographs illustrate two separate elements of a scam designed to both secretly access information from an ATM card, and covertly observe the user’s keypad entries.
The first element involves the installation of an additional ATM card reader, carefully designed to mount over the machine’s existing card-slot. When an ATM card is inserted into the card-slot, the user activates the machine as he or she would normally, removing the card at the conclusion of the transaction. However, unbeknownst to the customer, the second card reader memorizes all of the card’s information, thereby allowing the thieves to make a duplicate of the customer’s card.
The additional card reader is manufactured of material similar to the machine’s other components, making detection difficult. Please notice that, as seen in photos #1 and #2, the scamster’s card reader in this example partially obscures an instructional label affixed immediately adjacent to the legitimate card reader. Additionally, it appears that the scamster’s card reader is a slightly different color than the machine, although such a slight variance would likely go unnoticed, especially at night, when the area is illuminated with either incandescent or fluorescent lamps.
The second element of the scam borrows an advanced electronics ploy previously used in casino cheating: A small video camera and radio transmitter are secretly placed near the ATM, with the lens directed at the machine’s keypad and video screen. Images of an ATM customer entering access codes, etc. are transmitted to a remote receiver located as far as two hundred meters away, where the scamster either videotapes the information, or simply writes the information down for later use.
In our photographic examples below, the camera is cleverly hidden in what appears to be a pamphlet holder “conveniently” mounted for the customers on the wall adjacent to the ATM. The pamphlet holder, quickly affixed to the wall by the scamster or an accomplice with double-sided tape, would surely go unnoticed by all unfamiliar with this scam (see photos #3 - #6).
Reports indicate that scamsters’ cameras have been hidden elsewhere within ATM kiosks, and some brazen scamsters are alleged to have candidly installed cameras at ceiling level to mimic legitimate ATM security cameras. Keypad entries and information displayed on ATM video screens can be targeted with a medium telephoto lens, and the information radioed to a remote location.
Just being aware of the possibilities can help us to avoid being scammed. Considering the difficulty in locating hidden cameras and the possibility of scamster’s cameras mounted to look like ATM security cameras, positioning ourselves to cover our keypad entries and video screens, even when we are alone in a kiosk, seems like a sensible precaution.
Cashpoint Scam Using Lebanese Loop
01/06 - (UK) - THOUSANDS of pounds have been stolen after a device was fitted to a Louth cash point machine.
The scam, known as the Lebanese Loop, took place at the cash point at the Nat West bank in the Market Place on December 23.
A customer spotted the device on the machine but already ten people had been robbed of between £300 and £1,000 from their bank accounts.
The fraudulent transactions were all made in the London area between December 23 and December 30.
Police are now warning people to be extra vigilant and to check cash machines before putting their card in.
The devices are normally fitted on the machine around the card slot and are either a small box containing a camera which photographs customers' details or a metal strip.
The police say they are investigating the incidents.
A spokesperson for Nat West bank said: "The Lebanese Loop is an industry wide issue, which can affect all UK banks. We are working closely with the police in the area to combat this crime. It is not isolated to a particular area or a particular bank."
Nat West Bank offer these tips to cash point users:
* When using a cash machine be wary of anyone trying to watch you enter your PIN number. Shield the numbers with your other hand as you enter them and do not allow yourself to be distracted.
* Never write down your PIN number and never disclose it to anyone even if they claim to be from your bank or the police. Neither your bank nor the police would ask you to do this.
* If you are at all concerned something is wrong with the cash machine you are using try to stay with it and your card. Ask someone else to go into the bank for you to alert a member of staff or phone the bank/police from the machine.
Lebanese Loop ATM Security Scam - article
ATM Identity Theft Protection - article
Cash Machine Bank Card Scam in UK - article and other links
ATM Crime - Lebanese Loop Scam - site item