Beware of ATM skimming

This type of fraud occurs when an ATM is compromised by a skimming device, a card reader which can be disguised to look like a part of the machine. The card reader saves the users’ card number and pin code, which is then replicated into a counterfeit copy for theft.

Criminals place a device on the face of an ATM, which appears to be a part of the machine. It’s almost impossible for civilians to know the difference unless they have an eye for security, or the skimmer is of poor quality. Often, the thieves will hide a small pinhole camera in a brochure holder near the ATM, in order to extract the victim’s pin number. Gas pumps are equally vulnerable to this type of scam.

A customer at a New York City bank discovered a skimming device on the face of an ATM and went inside the bank to inform the branch manager. The manager, who had never seen an ATM skimmer and wasn’t sure what to do, took the skimmer and thanked him. The customer then remembered, from numerous reports about ATM skimming, that there is usually a second part to the ATM skimmer, the camera. In this case, he found it behind a small mirror that alerts the ATM user to beware of “shoulder surfers.” He brought the camera to the bank manager, who replied by saying, “Maybe we should shut that machine down, huh?” The bank manager contacted bank security, shut down the machine, and alerted other area banks.

Skimming is one of the financial industry’s most difficult crimes to protect against. At one time the worldwide ATM Industry Association reported over and one billion in annual global losses from debit or credit card fraud and electronic crime associated with ATMs.

Many of the large data breaches that have occurred over the past few years may have contributed to ATM fraud. When criminals hack databases full of credit and debit card numbers they then use that information to pull the victims bank account cash out at an ATM.

It’s simple enough to hack into a database and compromise cards and pins.It’s even easier to affix hardware to the face of an ATM machine and do the same. Once the data is compromised the identity thieves clone cards and turn the data into cash as quickly.

ATM skimming comes in two flavors. In the first scenario, a device called a “skimmer” is placed on the face of an operational ATM. When a card is swiped, the skimmer records the data on the card, and a hidden camera hidden in a brochure holder or security mirror or sans camera with a keypad overlay records the PIN. Usually, money is dispensed and the user is none the wiser.

In the second scenario, a used ATM is rigged to record data, and placed in a public area. These ATMs are only semi-operational and do not dispense cash. These used ATMs can be purchased easily on the second-hand market at bargain prices.​

The following are ways of protecting yourself from ATM Skimming;

  1. Scrutinize the ATM:This means every ATM, even ones from your bank. You also want to check any of the card sliders like ones at gas stations, etc, especially if you’re using your debit card. If the scanner does not match the color and style of the machine, it might be a skimmer. You should also “shake” the card scanner to see if it feels like there’s something attached to the card reader on the ATM.
  1. Cover the keypad when entering your PIN:In order to access your bank accounts, thieves need to have your card number and your PIN. By covering the keypad, you prevent cameras and onlookers from seeing your PIN.
  1. Check your bank and credit card statements often:If someone does get your information, you have 60 days to report any fraudulent charges to your credit card company in order not to be charged. For a debit card, you only have about 2 days to report any suspicious activity.
  1. Be choosy:Don’t use general ATMs at bars or restaurants. These are not usually monitored and therefore, can be easily tampered with by anyone.

 

 

Ifis Updates

Subscribe to our newsletter

You will be able to get all our weekly updates through the email you submit.

Newsletter

Subscribe to Newletter

Subscribe to our newsletter and stay updated with the latest in cybersecurity and digital forensics.