Rise of Card Skimming & How to Keep Protected
Criminals are becoming more and more sophisticated when it comes to stealing card information. Recent times have seen a significant rise in the number of skimming attacks on ATMs. Our Field Technicians around the West Coast States have witnessed this firsthand while making their routine on-site visits with our customers. As a result of their extra attention to detail and field knowledge, they're spotting these devices and helping to protect our clients and their customers from significant losses.
What is skimming?
Skimming is the installation of an unauthorized device to capture and collect card details and PIN codes. Skimming devices are made to look like part of the ATM and, if undetected, multiple cards can be compromised in one attack.
The stolen card information is used - without the knowledge of the customers - to produce counterfeit cards for subsequent fraudulent unauthorized cash withdrawals.
Types of skimming
Overlay Skimmers are designed to look like the card entry slot of the ATM and have small magnetic read heads and data storage components fitted within them.
A magnetic read head is hidden within a device that is usually made to look like part of the ATM. The device is placed so that the target card will pass through it. A digital or analogue copy of the card data is made and stored on a memory chip within the device for retrieval (or download) later on. A computer program is then used to rewrite the data on to a "Clone" card.
More advanced forms of analogue skimming store the information as an MP4 format file or similar, then allows for video of the PIN entry from a hidden camera to be stored at the same time as part of the same file. This allows the criminal to easily match card data to PIN entries which is not as easy when using other skimming methods. The audio recording within the file is then analyzed and the card details extracted and written on to a "Clone" card.
Eavesdropping devices are data capturing devices that record the card data from a point within the ATM itself. They are attached by gaining access to the modules in the ATM. This can be done through unauthorized entry using a common rear door key or by cutting/ drilling/ melting a hole into the fascia. The hole is then covered up afterwards.
Most commonly, the devices are attached to the ATM in one of several locations through the read head. Once attached, the device then uses the existing components within the ATM to capture the data and record it for retrieval (or download) later on.
Also referred to as deep insert skimming or razor skimming, the insert skimmer is a flat device, slightly thicker than a customer card inserted into the ATM so that it fits within the card reader. It has a magnetic read head for card data capture and storage for data with a wireless transmitter (usually Bluetooth) to transmit the captured data.
When inserted and in place, it evades traditional Anti-Skimming devices as their jamming signals are focused on the card entrance slot. This model is almost impossible to jam as the insert skimmers read head is now very close to the legitimate read head of the card reader and any jamming signal directed at that location would also interfere with the ATM's ability to read cards.
Card Shimming is the installation of a device on an ATM to capture data from the chip of an inserted card. This device is designed to read the data contained on the chip of the customer's card. The shimmer is usually fitted between the customer's card and the contact pins in the reader. This allows for capture of the same data that can be captured from the magnetic strip.
How to keep protected from skimming attacks
There are several ways to identify skimmers when using an ATM. These can help keep you protected and are worth the small amount of time it takes.
The most common method of skimming is at the card reader. Criminals will place a skimmer over the ATM's card reader which often blend right in and look like part of the original machine.
Before inserting your card, look for signs of tampering, tape or glue, bulkiness or any loose fitting parts or attachments.
Along with the skimmer attached to the card reader, criminals will include a camera to record the PIN and are often very hard to detect.
Be sure to shield your PIN as a best practice measure. Additionaly, check for any small holes in and around the keypad area, panels above the machine or any parts that look like they may be 'stuck' on.
Another method used to capture PINs are overlays of a thin keypad on top of the original keypad. This device relays the keypresses so that the ATM functions as normal, but the overlay keypad is recording the PIN entry process. If these are used with card traps, criminals can make use of the card details instantly.
Keep an eye out for any loose, spongey, thick, or raised keypads.
Criminals will use card traps, also known as 'Lebanese Loops', to prevent the card being returned after a transaction is made.
If your card becomes stuck in the machine, it's best to stay with your card and call your bank instead of leaving it and reporting it later, as a criminal could be nearby waiting to remove it.
Skimming attacks often mean the criminals are nearby to retrieve the stolen information and can also simply look over your shoulder to steal your PIN.
Keep an eye out for people around you as you use the ATM and cover the keypad as you input your PIN.
Stay vigilant and and be sure to report anything suspicious or out of place.
Contact Cennox for any advice on what to do if you find a skimming device.
Learn more about ATM Security from Cennox.