A Lebanese loop
is a device used to commit fraud
and identity theft
by exploiting automated teller machines
(ATMs). Its name comes from its regular use amongst Lebanese
financial crime perpetrators, although it has now spread to various other international criminal groups. The Lebanese loop is becoming one of the simplest and most widespread forms of ATM fraud.
The term “Lebanese loop” is applied to any number of similar devices that are used to perpetrate ATM fraud by retaining the user's card. In their simplest form, Lebanese loops consist of a strip or sleeve of metal or plastic (even something as simple as a strip of video cassette
tape) that is inserted into the ATM's card slot. When the victim inserts their ATM card, the loop prevents the card being drawn into the machine, fooling the user into believing the machine has malfunctioned or retained their card.
In a typical scam, the perpetrator will obtain the victim's PIN either by watching them enter it the first time (shoulder surfing), or by approaching the victim under the pretence of offering help and suggesting they re-enter their PIN (and again, watching them do so). Once the victim has left the ATM, the perpetrator retrieves the loop and the trapped card, and uses it, along with their PIN, to withdraw cash from the victim's account.
More sophisticated variants of the Lebanese loop scam have developed. In some cases, the fraudsters attach a small camera to the ATM to record the victim entering their PIN. The video from this camera is then transmitted to the fraudsters, who may be waiting near the machine and viewing the video on a laptop computer, meaning they need not approach the victim directly. There have been cases where a fake keypad is fitted to the machine over the top of the real one, and this records the PINs entered.
Evaluation of Lebanese loop fraud technique
There are distinct considerations, advantages, and disadvantages to this technique from the fraud perpetrator's perspective.
Since the Lebanese Loop is only able to capture one card at a time and the card holder will usually react quickly to the loss of the card, the technique must be widely deployed to net a useful number of cards in a short amount of time. This may require a large workforce to accomplish the task.
Often ATM vestibules have video surveillance equipment installed in them, which can make identification of the perpetrator and method easier.
Lebanese Loop devices are relatively simple to construct, which means a lower skill level is required by the perpetrator than with a “skimming” technique.
The Lebanese Loop has been a problem in countries with a high number of ATMs like the UK , The United States, Germany and France. Russian criminal gangs are known to have involvement in the execution of this and other fraud techniques.
When conducting these frauds, an ideal procedure would be to perform the work in gangs and to attack several machines at one time. This way, if one or two get discovered and dismantled by the authorities, there will still be other machines that will stand a chance of yielding captured cards.
Good example Lebanese loop
ATM manufacturers have resorted to several methods to counteract the Lebanese Loop, generally consisting of adding various sensing mechanisms to the card readers. Various network activity profiling processes can be applied to attempt to detect this activity.
ATM industry groups also counsel cardholders to take precautions when entering their PIN into any device.
Other forms of card fraud
Other variants of fraud may use a “skimming”
technique, where an electronic device is fitted over the ATM's card slot and which reads the information encoded into the magnetic strip
on the back of the victim's card as it is inserted. This variant does not require the card to be retained; the transaction runs normally, and the data recorded from the original card is copied to another blank magnetic stripe card, which is then used to withdraw cash.
At their most sophisticated, scams can involve the construction and installation of fake fascias built to fit particular ATMs or other card reading devices. These false fronts can house any of the above devices to gather data from the user and allow the perpetrators to acquire or clone cards and their associated PINs. These fakes can often be indistinguishable from unmodified devices to the untrained eye.