I got robbed at an ATM in Pattaya
I’m sure you’ve heard about some ATM fraud going around in Thailand, specifically Pattaya. And I’m sure the information went in one ear and out the other. Well, I was a victim this past week and it was a huge pain in the ass. I checked my online account for my American bank account that my ATM card is linked to and was shocked to see $1,850 USD missing from my account, taken in a series of 6 ATM withdrawals in Panama! It’s not like my card was stolen or anything; I had it in my wallet the whole time. I have never given anyone my ATM pin and I use the same ATM machine in a Tesco I’ve been going to for years. So put simply, there really isn’t a lot you can do to prevent this from happening to you if you use the ATM’s.
From what I now understand, a professional group of Russian criminals has a way of hacking into an ATM machine with some sort of camera like device which takes a picture of both sides of your card, and they’re able to ascertain your pin somehow as well. Then they have some kind of machine that duplicates the # and the strip on the back of the card in a new card. Thousands of miles away someone uses this duplicate card to keep hitting your account until limits set in or until there is nothing left. Even if your withdrawal limit goes into effect, they would just use the card again the next day already knowing exactly how high your daily limit is, and they’d continue for as long as they could.
Fortunately my American bank did reimburse me for all of the money. It took a few days, some paperwork, and lots of times spent on hold with customer service reps sorting the mess out. I check my account daily and if I didn’t there would have been more missing because they would have hit me the next day, but I had my bank cancel the card before they had the shot just a few hours after the last transaction in Panama. Again there isn’t a lot you can do to stop this, but here is my advice for you based on my experience:
1) Check your online accounts daily. Fraud and identity theft is so common these days that you need to be on guard. Monitoring your accounts regularly can limit some of the potential damage or headaches.
2) Make sure you’re banking with a company who gives you protection from these types of things. If they will not reimburse you for money stolen in a situation like mine you should find another bank. I have been told that many Thai banks will not give you the money back and that is reason enough for me not to use a Thai bank ATM card in the future.
3) Do not write any pertinent information on the back of your card. This is something obvious to most, but the customer service representatives I spoke with said it’s a problem even if you don’t lose your card. If you put your card in a machine that snaps a picture of the card, they can clearly see everything you have written.
And here are some tips you always have to consider to help you avoid Identity theft situations:
1) Select very intricate passwords; your DOB or a loved one’s name is not going to cut it.
2) Be careful on the internet. Don’t fill anything in to any site unless you can verify the SSL is from the domain you’re comfortable with. For example if you get an email from Paypal asking you to verify some information, you’ll notice the Root url it takes you to is not paypal.com It’ll be something a scammer has set up like, verificationsprocces12/paypal-verification
3) Be diligent when trashing statements with sensitive information.
4) Don’t carry your Passport around with you. It’s worth too much to a potential pick-pocket.
5) Keep your important documents and ID’s in the safest hiding place possible.
6) Enroll in an identity theft protection plan. There are many companies out there that offer you full protection with 100% or up to 1 million USD in guarantees. The average person in your home country may not need to pay for a monthly service like this, but if you’re traveling or living in Thailand I think it’s worth the money because you’re such a target when you travel. Each country has different companies so you’ll have to Google around to find one that offers you the kind of protection you require. You should also check to see that the company you’re thinking of using is getting mostly positive reviews from legitimate review sites.
I’m thrilled that I didn’t lose any money from this, but the minute I saw the withdrawals on my account my jaw dropped; it was not a happy few hours taking care of the problem. Do your best to protect yourself at all times. One bit of good news, I recently heard that a couple of Russian men were apprehended for ATM fraud; nothing like a stint in a Thai prison for the enforcement of justice.
If I may be so bold…. most likely it was an atm skimmer (google it), with a thai pre-paid sim. When you put your card in the atm it records your mag strip on the back (the electronic numbers) and your pin. It then SMS’s them to some other non-traceable thai sim. They bundle them and sell them to groups on the internet or otherwise use them themselves. They then take mag stripe info and put it on a new card (this could be a hotel key card or blanks or whaterver). the devices that write mag strip data are less than 80 euro and are easily purchased. give the cards to some mules and give them a 10% “mule” fee and bam!
If you have a European (union) bank or American/Canadian bank they are REQUIRED to at least temporarily refund your money unless they reasonably suspect you of trying defraud them. Depending on the type of fraud etc. they usually have 30-180 days to permanently make a decision. Most good banks will provide provisional credit within 2 – 5 business days. Mine is the same day. If you do not report the fraud within a certain amount of time (ask your bank) their actions and your refunds will vary. Usually most banks will say tough luck after 120 days.
So, I take out money inside the bank because a) I need more than my daily limit usually (to pay rent, etc, and then have a week or two of spending money.) b) there is no 150 baht transaction fee (AEON spot will only charge 20b in their ATMs btw), c) The rate (for me) seems to be better via a VISA logo “cash advance” on my ATM card (and there are no other fees except any international trans fee).
I do use a special no-logo card for ATM withdrawls when needed. I use my cell to transfer money into that special account and then take the money out at an ATM. Therefore there is no money in the account (or just pocket change) 99% of the time. So a lost card (no visa logo) even with the pin will net nothing.
I have to notify my bank of what countries that transactions will happen inside. It is pretty affective because I forgot to tell them about Taiwan one time and I couldn’t use my card. So Panama wouldn’t happen (or shouldn’t and I am covered anyway as long as I look at my online account and make sure nothing crazy is going on).
Anyway, the skimming operations may or may not be Russians and IMHO this is probably what happened as this is how most of the the type of fraud you suggest happens. There are a few other ways but all are harder and more expensive and have more exposure.
Passords… don’t use sequential keyboard positions, sequential numbers or words in a dictionary as your password. So 123456 and password are not good (although they are the most common) Use “eYe E4t, fo0d” That password is sooo much harder to crack than “password”. But don’t use my example please, pick something else with spaces or other character, numbers, and lower/upper characters. I phrase is fine especially if it is over 10 characters.
Every email should be suspect. You should assume it is all fraudulent especially when it comes to links and especially with money (like banks/paypal etc). If your bank emails you with a link to your online statement or more importantly that there is some sort of problem (zero balance, overdraft, someone hacked your account) they will call no usually email, and so you should seperately open a new browsing session and go to your bank and NOT click on any links in that email. or just call them if you can.
Again, assume all emails are fraud, even the one from your friend that says, “this is too funny, click the link”.
Make sure your bank is a good one (american, european).
Only leave enough money in your ATM withdrawl account for your current/next withdrawl.
Wiggle the ATM slot and keyboard on the ATM and if it moves slightly or otherwise it looks like an attachment piece (hard to spot), move on, or better yet, just go inside (depending on your account/bank) and get a Visa/MC cash advance against your checking account (should be no fee at least on the thai bank side).
One note on skimmers, Sometimes the ATM machine doesn’t allow for a skimmer on the keypad as well and that is when they employ a cam. Both ways are cheap to implement and extremely effective. The way around the camera is to completely cover your hand so nobody (not even you) can see the keypad. Also, hit other keys between your keys (not enough to activate them). usually the cam, can’t see the screen or audibly hear the touchpad.
Or just have an account that you transfer money into right before your ATM withdrawl and leave nothing in the account otherwise, or…. just take the money out cash advance style inside the bank.
I’ve been skimmed before in Vegas, suxed! Funny thing is they used my card at a walmart of all places!
My rule now is to only use the ATM’s inside at the banks in the shopping centers and never hand my card to anyway to slide.
Good write up.. hey Chris, what about the logical idea you wrote before about have 2 accounts… and online transfer what u need before u go and hit the ATM? so when the Fucks get in there.. theres nothing?
Yes and guys keep in mind that they had my pin though; and plugged me at other ATM’s.
Yes, I have in mind they had your pin. The most likely option depending on the type of ATM was either a ball camera in a rear-looking mirror above the keypad or some other location pointing at the keypad or the keypad itself was also part of the skimmer.
Those are the cheapest and easiest ways with little likelyhood of being caught.
Always cover your keypad and try to make it seem like you are hitting multiple keys at once or more than 4 so it is hard to distinguish. Or better yet go into the bank and do it cheaper (no 150b charge etc). and preferably keep only enough in that account for your next withdrawl.
I have multiple accounts and transfer online, when I use an ATM it’s only to take the money out I just transfered this works cause if someone had my ATM pin and skimmed card they’d never know when i had money in there. paranoid i know but i’ve been done before.
Great bit of info Chris, I’m getting used to this insider info. Thanks a million buddy!
I got scammed like that in Nakhon Ratchasima (Siam City Bank). I cannot understand what happened. I had to pay someone, so we stopped at a random ATM. The person stayed in the car. There was another person lurking around the ATM, but he didn’t get anywhere close to the ATM to see anything. A few days later, I notice that there were no more money in my account. (There were 14,000B before) and a transaction from a different town.
We learned a valuable lesson. We don’t use ATM cards anymore. Actually, I take that back, we empty the account of almost all money immediately on payday. Savings accounts are no-ATM, signature and passport required.
Quite often ATM machines do not work , (communication problems with the bank back home) and its also possible that the ATM machine may not return your card, so I use a Thai bank money changer . I hand over my passport and Visa card , they photocopy it and hand me it back with the withdrawal . I always use the same branch , so if there is any irregularites, I know where it occoured . My main worry is that the ATM machine wont return the card and then I would have to fly home to get a new one . And then I would have to buy a flight ticket without any acces to cash
I don’t understand why if you live in Thailand you’d still use an ATM card from overseas, I use paypal to transfer money from overseas tranfer fees are cheaper and it’s just more convenient.
1st you should have 2 or 3 cards. 1 CC (plane tickets and emergencies), 1 logo’d Debit (most cash goes through this card and you go inside banks and get a cash advance) and 1 no-logo debit (only used if you MUST use an ATM, then only put money in the accountwhen you need it).
Why do I use an overseas account? A bit more of a PITA for Americans to have overseas accounts. Also, I get the market rate when I do the cash advance since my home country bank controls that rate instead of the thai bank if using an ATM. The Thai bank rates are usually about one percent less than I get with my home bank.
The disadvantage is that if I must use an ATM (sunday and the bank is closed) then I get the 150b fee AND the suck rate. I usually think ahead a few days or weeks to prevent this.
This is nothing new. As said above this was a skimmer. They are attached over the card slot and since it is not a permanent installation usually will not be very solid mount. Before you use the ATM grab the card slot firmly and wiggle a bit to see if it comes loose, then look around for anything out of place that could conceal a camera that is how they get the PIN. When I enter my PIN I always cover the keypad as well.
I normally use the same ATM outside of town, I figure they would set up in areas where there are more tourists using the machines and less locals.
I have never been a victim of this but I also recently started a new strategy for protection. I had been using one local bank exclusively, I would wire money from the every couple months then take what I need. Now I opened an account with a 2nd local bank, and set up an online link to my other local bank and transfer small amounts periodically. As an added benefit to me I can deposit money to the 2nd account from the US for a fraction of the wire fee I was paying. So I will never use the ATM card for this account that holds most of y money, if ever I am victim of a skimmer they will not get much.
I am surprised they were able to make 6 withdrawals, I have had my ATM card and credit cards, locked out on me before because I used the card twice in as many days in different countries. It was a pain in the ass but thankful for the security at the same time.
Happened to me at Heathrow earlier this yer. Luckily my French bank caught it, stopped it and re-imbursed me. 3 transfers and 3 attempts after the block. originated in the Ukraine.
There is a way to stop it. My brother-in-law is the head of IT at one of the major banks here in Thailand and showed me how they do it, saw the videos. As was said above they use a skimmer that they place over the slot where you put your card into the machine. Some of these are tinny and really hard to notice.
That gets the information off the magnetic strip. They still however need your pin number. So there will be a hidden camera somewhere watching the keypad.
So to beat them, learn how to punch in your pin number without having to look at the keys. Put one hand over the keypad so there is no possible way that a camera could record you pressing buttons.
Like I said the guy who told me this is head of IT for one of the biggest banks in Thailand and it is his department.
PINs are often harvested by use of a hidden camera. See here: http://www.youtube.com/watch?v=YVq06dLW4kc
Or sometimes by an overlay key pad.
Some types of card skimmer can be seen here: https://www.youtube.com/watch?v=aUyiUAx4NxY
If you’re interested in this subject and want to learn more, a chap called Brian Krebs writes some fascinating stuff. Just Google “Krebs on security” then look for the ATM related articles.
Great advice from ‘American’
One piece of advice that I came across one time was in regards to using your credit card online at an internet cafe. (I use the same “trick” on my own laptop also as I don’t use internet cafes).
When entering your credit card number, let’s say your number is 5439 3764 5390 7821. If you just type it in as stated, there is the potential for a “keyboard” logger program to steal all your info. What I read was to enter something like 5439 3764 9685 7821. You purposefully want to “mis”enter one set of 4 wrong numbers. Afterwards, highlight the 4 wrong numbers and then delete them (the keystroke logger won’t register which numbers you have deleted). Then, input the correct 4 numbers in their place. I also enter 6 numbers for my 3 digit security code subsequently deleting 3 of them (there is not always an option to put in more than 3 digits, so adjust accordingly)
Agreed! excellent advice on the “delete some numbers” process. Make sure you highlight at least 2 numbers with the MOUSE (not arrow select from the keyboard). If all keystrokes are logged, it will incluce the arrow, backspace, delete etc, keys. Also, the clipboard is sometimes logged, so don’t copy/paste as it is the same as entering on the keyboard.
Do as said, type a few good numbers (like 6, then some bad numbers like 3. then go back and delete with the MOUSE to select multiple numbers and then you can use the delete key.
Yeah…I forgot to include the fact that I use the mouse.
If you use an ATM card of Bangkok Bank, you can ask them for a card that only works via the chip (and not via the magnetic trip). I think they call it a Be1st card. These cards only work in ATMs of bangkok bank and can not (yet) be copied.
This happened to me twicwe thice this tear in Pattaya. 1st time was at food land with a suspiciuos Russian hanging around, $600 was later withdrawn in Poland.
In September, I was at SCB covering my hand, and someone got my pin #. They get the magnetic strip info like american said in the beginning. They are now paying Thai people to get behind people with their cell phone cameras to record the pins, a Thai detective showed me one in action. Cover your hand for starters. Don’t enter your pin if ANYONE is around, or if people can be hiding in cars or buildings. Lastly, have a Thai person take out the money, they are not being targeted. That idead about only going into a bank is a very good one.
The worst part was having no ATM card for 3 weeks while waiting for the cancelled one to be replaced, and it was $60 to Fed Ex the new card to Thailand from the USA.
This happened to me twice this year in Pattaya. 1st time was at Foodland with a suspicious Russian hanging around, $600 was later withdrawn in Poland.
In September, I was at SCB at Big C on sukhamvit covering my hand, and someone got my pin #. They get the magnetic strip info like american said in the beginning. The then took out $400 in Kiev, Ukraine. They are now paying Thai people to get behind people with their cell phone cameras to record the pins, a Thai detective showed me one in action. Cover your hand for starters. Don’t enter your pin if ANYONE is around, or if people can be hiding in cars or buildings. Lastly, have a Thai person take out the money, they are not being targeted. That idea about only going into a bank is a very good one.
The worst part was having no ATM card for 3 weeks while waiting for the cancelled one to be replaced, and it was $60 to Fed Ex the new card to Thailand from the USA.
I never heard of deleting numbers and retyping but what some people do, for passwords aw well is break the keystrokes up into blocks type a random block then mouse click the cursor and type the block that goes in that place. Keyloggers don’t log mouse clicks or their position.
I’ve been hit THREE times in Pattaya over the past 6 years. All three times were at ATM machines outside an actual bank. These guys are good at what they do.
Some people would be cheated wherever they go and whatever they would do…
i just got ripped off for 100.000 thb (more then 3000 usd) in Bangkok Bank ATM branch Phuket..someone withdraw money in 2 days,for me is still unclear how someone can withdraw 40.000 thb at once,since my daily limit is 25.000 thb..i no have idea what will happen,if i ever get my money back..while making police report,there were 3 more victims ,all using Bangkok Bank..I strongly recomend people to withdraw their money from this Bank and save money in anothere banks..i feel deeply disapointed..
Follow my advice, open two accounts and transfer money from one to another in amounts you use per week in fact you can get the bank to do this automatically for you, this way if you ever get done it’s only for a small amount.
Yes, they are a lot of Gangs in Pattaya and not only Thai peoples! We have a lot of work there to help our customers!