The skilful skimmer

Like a typical cashier, his job entailed scanning purchased items for their price and packing the items into a bag. But unlike other cashiers, Shariful Islam's job had made him a millionaire because he would do a bit more than his job description required.

Using a special card-skimming wristwatch, he would steal customers' information stored in the magnetic strips of their credit or debit cards. He would also sneak a glance at the PIN code a customer entered in the swipe machine.

Afterwards, Shariful would take a reprint of the customer's receipt and scribble the PIN code on its back.

Returning home, he would clone the cards by copying the information in blank cards using a laptop and other devices. After cloning the card, he would use it to withdraw money from ATM booths.

 He would don a wig and sunglasses for this step to avoid detection in the closed-circuit television cameras installed at the booths.

All this came to light after the Criminal Investigation Department (CID) arrested him on Tuesday evening. They claimed Shariful was the key man in the recent embezzlement of money from five banks in the capital.

Shariful's scam came to an end after he was picked up from his house in Mirpur, Molla Nazrul Islam, special superintendent of CID, told reporters at a press briefing held at its  headquarter in Malibagh yesterday. The 33-year old cashier used to work at a well-known retail chain shop's Banani branch.

He had gone hiding since March 9 to avoid arrest after police approached the store's officials regarding their suspicions.

About 1,400 cloned cards, a specialised skimming wristwatch, a magnetic strip reader and writer, three point-of-sale (POS) machines, two mini-card reader devices and other related items were seized from his possession, the police official said.

Following complaints from customers, different banks informed police about the financial frauds. Later, police started investigating the incident.

“We first got a complaint from Brac Bank last month about the nine cardholders being swindled. Then we came to know [about similar incidents] in City Bank, EBL Bank, UCBL Bank and Bank Asia,” Nazrul said.

After the investigation, they discovered that Shariful was behind the recent frauds which took place in five banks and he had amassed crores through this.

Shariful had gone to Russia in 2007 to study mining engineering before returning to Bangladesh in 2010.

However, in his three years in Russia, not only did he earn an engineering degree, but also learned how to clone cards to steal money.

He picked up the knowledge from his Russian roommate Evanovich. When Shariful returned, he began cloning cards and stealing money.

He was arrested back in 2013 in Chittagong in two cases over card-skimming and remained in jail for 18 months.

After his release, he started a student consultancy firm, which did not prove to be profitable. He thus returned to card fraudulence, police said.

The CID said Shariful brought the cloning devices from China.

“He cloned around a hundred cards and has a hefty amount of money in his bank accounts at different banks. We got information of one of the banks where Shariful has around Tk 15 lakh.

“Shariful was living a lavish life. He owned a Toyota Allion,” the CID official said.

Shariful was taken into a four-day remand yesterday.

An official of the superstore said Shariful had been working at the POS terminal at the merchant's outlet. Some customers at the chain shop's Banani branch alleged that he [Shariful] used to write something on their slip.

The official said when they wanted to investigate the allegation, Shariful went into hiding. They looked for him at the permanent address provided on his NID and found it to be fake.

Police said Shariful also used to work at other such shops before.

Zara Zabeen Mahbub, head of communications and service quality at Brac Bank, said the cards, which had information saved on their magnetic strip, were copied.

The bank official said they are now providing EMV or chip-based cards which cannot be cloned.

Identity theft, with fraudsters taking advantage of weaknesses in the cards, ATMs, POS and banks, is on the rise in Bangladesh.

According to industry insiders, fraudsters make counterfeit cards with data skimmed off cards used at merchants.

Between February 6 and February 12 in 2016, a gang of fraudsters made away with Tk 25 lakh using around 40 cloned cards.

The foreigner-led gang used data skimmed off six ATMs in the capital to make the cloned cards.

Investigators later detected that they had stolen data from over 1,200 cards and had committed more frauds at POS terminals than at ATMs.

A few days after the crime came to light, Bangladesh Bank asked all banks to tighten security, including installation of anti-skimming devices at their ATM booths. It also instructed banks to make their cards chip-based and phase out the magnetic-stripped cards.

According to a recent survey conducted by the Bangladesh Institute of Bank Management (BIBM), 67 percent ATMs have anti-skimming devices and 52 percent cards are EMV-compliant.

EMV stands for Europay, MasterCard, and Visa, and is a global standard for inter-operation of integrated chip cards, which are used at POS terminals and ATMs for authenticating credit and debit card transactions.

It said if an EMV-compliant card is used at a non-compliant ATM, the card holder could be vulnerable to identity theft.

The study also shows that the most frequent types of fraudulent activity resulting from cyber intrusion reported by banks were ATM /Point-Of-Sale scams.