Edmond Campbell, Senior Staff Reporter
FINANCIAL INSTITUTIONS, particularly those aligned to the Jamaica Bankers' Association (JBA), have pooled human and financial resources in an all-out effort to smash an emerging debit-card scam that is threatening the security confidence of the electronic banking system in Jamaica.
For the first time since the promulgation of the Cybercrimes Act more than eight months ago, the police yesterday reported that they cracked a major cybercrime ring, arresting and charging two men for breaching the far-reaching statute.
Michael Gordon, chairman of the JBA's anti-fraud committee, wel-comed the use of the cybercrime law against debit-card scammers, noting that charges against these persons in the past reflected a slap on the wrist.
"They are now being arrested under the Cybercrimes Act. That's a great improvement because before we were wondering under what regulations these persons would be charged; we were even looking at trespassing," he told The Gleaner yesterday.
Using micro-pin cameras and other technological devices, debit-card fraudsters have been collecting data from debit cards, as well as personal identification numbers (PINs), in an effort to withdraw money from the accounts of cardholders.
He said the cybercriminals were operating mainly in Kingston and Montego Bay.
However, Gordon said banks and other financial institutions have been working together to tackle the scourge affecting the sector.
"Everybody has been working together from the anti-fraud committee and, whenever there is a point where there is a compromise, we let everybody know," he said. "So we get information around quickly so that everybody can get to these customers and change their cards quickly so that they don't incur any losses."
Gordon added: "Even though we have losses, without the efforts being made, we would have incurred far greater."
Banks have embarked on a public-education exercise as they move to sensitise customers about the debit-card scam. Flyers and other information are posted at automated banking machine (ABM) locations and in financial institutions.
"The main thing is that the vulnerability of persons is what makes the system work. If everybody covers their PINs properly, it is difficult for them (scammers) to get to it," he said.
The chairman of the anti-fraud committee stressed that even with the insertion of micro-pin cameras by cybercriminals to capture debit-card data, without PINs, it was virtually impossible to gain access to a person's account.
Another crucial revelation in relation to the fraud is that debit-card data and PINs have increasingly been retrieved at places where cardholders do business.
Help from the inside
Gordon said the police have made arrests at particular locations where attempts were made to capture data and record PINs.
He said it has been discovered that persons at certain establishments were being paid as much as $10,000, in some instances, for providing information on debit cards.
Using small hand-held devices, unscrupulous persons at particular establishments swipe the information on to these devices and then hand the portable machine to cardowners, while observing the PINs being inserted by the user. He said on many occasions, the compromise was not at the ABM.
"There are several places, organisations and locations that it regularly happens and people have been arrested at some of these locations," he said.
"A lot of the headway and advances have been kept quiet and we can't even shout about it."
Last Friday, the police charged the two men under the Cybercrimes Act following an investigation which started on August 28.
According to the police, about 9:30 a.m., the accused were seen acting suspiciously in a motor car in front of an ABM in Manchester.
The men and the vehicle were searched, and found in the car were electronic devices which are used to intercept transactions and to duplicate the PINs and other personal information from customers using the ABM.
By capturing this information, a duplicate card is manufactured, which is then used to withdraw money from customers' accounts without their knowledge and permission.
Persons convicted with an offence under the act could be slapped with a fine of more than $2 million or imprisonment for two years.