How It Happens: Card Trapping (“Lebanese Loop”) — When the ATM Eats Your Card on Purpose

This article is part of the “How It Happens” series — a plain-English guide explaining how bank fraud and unauthorized transfers actually occur. You can see the full series index here:
https://www.cardozalawcorp.com/library/how-it-happens-bank-hacking-and-unauthorized-transfers.cfm

I. What This Is (Plain English)

Sometimes the ATM didn’t malfunction.

Sometimes it was designed not to give your card back.

In a card-trapping scheme — commonly called the Lebanese Loop — criminals modify an ATM so it captures your card after you insert it. The goal is simple: keep your card just long enough for someone else to use it.

You don’t authorize any withdrawals.
You don’t press the wrong button.
You don’t give permission.

You leave thinking the ATM “ate” your card.

This article explains exactly how that happens.

II. The Device: How Cards Are Physically Trapped

https://atmeye.com/wp-content/uploads/2022/06/Lebanese_loop.png?utm_source=chatgpt.com

https://2.bp.blogspot.com/-cD91XQ0ISW4/T2l5O7hKqTI/AAAAAAAAB5c/Qp7H1IfvjJs/s1600/jebakan%2Bcard%2Btrapping.jpg?utm_source=chatgpt.com

https://www.researchgate.net/publication/313472843/figure/fig2/AS%3A459558758948867%401486578754293/ATM-Card-Trapping-Source-Agarwal-2010.png?utm_source=chatgpt.com

A Lebanese Loop is a thin strip or loop — often plastic, metal, or film — inserted into the ATM’s card slot. Once installed:

The ATM accepts the card
The transaction proceeds normally
Because of the "trap door" portion of the Lebanese Loop, the card cannot be ejected

The card remains physically trapped inside the slot.

These diagrams — widely published for public education — show how the loop blocks the ejection mechanism while still allowing the card to slide inward.

For a public-domain overview and diagrams of this technique, see:
Wikipedia’s explanation of the Lebanese Loop card-trapping method:
https://en.wikipedia.org/wiki/Lebanese_loop

III. The Trapdoor Effect: Why the ATM Thinks Everything Is Normal

https://image.slidesharecdn.com/atm-thefts1454/85/Atm-Thefts-1-12-320.jpg?utm_source=chatgpt.com

From the ATM’s perspective, nothing is “broken.”

The card is still detected inside the machine
The ejection motor runs
The card simply doesn’t exit

To the software, this looks like a routine card retention event — not theft.

This matters because many banks treat card retention as a non-fraud maintenance issue, not a crime scene.

IV. Step-by-Step: How the Fraud Actually Unfolds

This fraud relies on timing and assumptions, not hacking.

Step 1: The ATM Is Modified

The trapping loop is inserted into the card slot. Installation takes seconds.

Step 2: The Victim Uses the ATM Normally

The victim:

Inserts their card
Enters their PIN
Attempts a transaction

At the end, the card is not returned.

Step 3: Confusion Sets In

The ATM may display:

“Please wait”
“Transaction canceled”
Or nothing at all

The victim waits, then leaves — assuming:

The ATM malfunctioned
The bank has the card
The card is now disabled

That assumption is exactly what the criminal relies on.

Step 4: The Criminal Retrieves the Card

After the victim leaves, the criminal:

Removes the trapping device
Retrieves the physical card

Now the criminal has possession of the card.

Step 5: Unauthorized Withdrawals Occur Elsewhere

Using the trapped card, the criminal withdraws cash at other ATMs.

This is when the unauthorized electronic fund transfers occur.

V. How the Criminal Gets the PIN

The trapped card alone isn’t enough.

PINs are commonly obtained through:

Shoulder-surfing while the victim enters it
Prior skimming at the same ATM
Hidden cameras installed earlier
Watching reflections or keypad hand movement

This is why card trapping is often paired with skimming.

The victim does not knowingly disclose the PIN.

VI. Why the Victim Did Not Authorize the Fraud

This part is straightforward.

The victim:

Did not approve any withdrawal after leaving the ATM
Did not hand the card to anyone
Did not consent to later use

The withdrawals occur after the victim lost possession of the card due to ATM manipulation.

That is not authorization.

VII. What Evidence Usually Exists

Card-trapping incidents often leave objective evidence:

ATM logs showing card retention events
Surveillance footage of the ATM area
Timing gaps between card capture and withdrawals
Multiple incidents tied to the same machine

Banks frequently overlook this evidence because they focus only on PIN usage.

VIII. What Banks Often Say — and Why That’s Incomplete

Banks may respond with:

“The card was used.”
“The correct PIN was entered.”

Neither explains how the criminal obtained the card.

ATM systems record transactions — not physical manipulation of the card slot.

That distinction matters.

IX. Why This Technique Still Works

Card trapping works because:

People trust ATMs
Victims assume retained cards are immediately disabled
Many believe the bank already “has” the card

Criminals exploit that delay window.

This is not a technical failure.
It is a human-expectation failure.

X. Why This Matters for Victims

Understanding card trapping:

Explains how fraud occurs without consent
Clarifies why PIN usage does not equal authorization
Shows why physical possession still matters
Reframes what “authorized” really means

This matters when banks oversimplify what happened.

🔎 Explore the Full Series: “How It Happens”

Card trapping is just one method criminals use to move money without authorization.

The How It Happens series explains — in plain English — how bank-fraud mechanisms actually work, and why victims are often blamed for actions they did not take.

👉 View the complete “How It Happens” master index here:
[How It Happens — A Plain-English Guide to Bank Hacking and Unauthorized Transfers]