A 10-person consulting firm sent a small team to South America to complete a client project. During their stay, an employee used a business debit card at a local ATM. A month after returning to the US, the firm received overdraft notices from their bank. They identified fraudulent withdrawals of $13,000, all originating from South America. There was an additional $1,000 overdraft fee.


The criminals installed an ATM skimmer device to record card account credentials. Many false debit cards were manufactured and used at ATMs in different cities across South America.

What is Skimming? Skimming occurs when criminals install devices on ATMs, point-of-sale (POS) terminals, fuel pumps, etc. to capture data or record cardholders’ PINs. Criminals use the data to create fake debit or credit cards and then steal from victims’ accounts.


Realizing they had been defrauded, the firm contacted their bank and closed the impacted account
immediately. Their attempts to pursue reimbursement from the bank were unsuccessful. The commercial
account used at the ATM for local currency had different protections from consumer accounts and the
bank was not required to reimburse them for their losses. The bank went on to deduct the $1,000 overdraft
fee from the firm owner’s personal account.
The firm severed ties with that bank. The new bank offered comprehensive fraud protection guarantees.

The firm created two business accounts:
• one for receiving funds and making small transfers
• one for small expense payments

The firm updated travel protocols, banning the use of company-provided debit cards. Employees now
prepay expenses electronically, pay cash, or use a major credit card, as necessary.