ATM skimmers don't even have to be on the ATM
Posted on 31 January 2011.
Careful ATM users know enough to give a hasty visual check to the machine before using it and to hide the keyboard while entering their PIN.

Unfortunately, sometimes even that is not enough to prevent the fraudsters, and the worst part of it is that they continually think of new ways of stealing your credit and debit card data.

A type of attack that can't be detected by ATM users because there's nothing off on the machine or close enough to it to make them suspicious has been pointed out by Brian Krebs. According to him, criminals have devised a very clever tactic - one that is usually employed to steal the information from users who prefer to use the ATMs located in the antechamber of a bank or building lobby.

Access to these machines is usually controlled by a key card lock that allows customers to enter only after they have swiped their ATM card through it.

Regrettably, crooks have devised a way to add a skimmer to these locks, so that when the customers perform the action, it records the cards' information. And odds are that customers won't even check to see if there's something suspicious about the lock.

When the customers finally access the ATM, those of them who don't take particular care to hide the keyboard from view with the palm of their hand or another object, have their PINs stolen through the use of a zoom-in camera hiding behind a mirror located on the wall above an ATM - which they assume is there to allow them to see if someone is standing behind them.

An instance of this type of attack has been recorded all the way back in 2009, when a customer of a bank in California discovered the camera behind the mirror above one of the two ATMs in the lobby of the bank. It turns out that the criminals put an "Out of Order" sing on the other ATM to force the customers to use only the one that was covered by the camera.


MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection

The device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th