ATM Skimmers - The problem and its solution

About the ATM Skimmers and its business problem:

Skimmers are card readers that grabs the data from magnetic card stripe attached to the real payment terminals so that criminals can create cloned cards to steal money from the bank account. A successful skimming requires both a card skimmers (readers) and camera (to capture PIN) in order to steal card data. Criminal can easily capture your credit/debit card information with ATM skimmers. It is a device that fits inside or top of the ATM card acceptance slot to extracts the information stored in ATM magnetic stripe and additionally, uses hidden camera to capture PIN details while typing on keypad and then gains full access of your bank account. The card details would be sent to the criminal through Bluetooth/Wireless or physically to clone the cards as a next steps. The electronics data is encoded onto fraudulent cards and PINs are used to withdraw money from the customer’s bank account.

Solution and best practices:

  • Use secure ATM machines under video surveillance or inside of the bank premises as it is more difficult to attach ATM skimmers
  • Pay more attention to what the cards reader and keypad normally look like on the ATMs you use most often
  • Always use your hand to safeguard your PIN while entering it at the ATM, it’s one of the easiest and most effective ways to protect yourself from an ATM skimmer’s hidden camera
  • Don’t use an ATM if the card reader appears to be added on, not fitted poorly, or loose. Some thieves place a fake box over the card slot that reads and records account and PIN numbers
  • Call the customer service number available on the ATM immediately if a machine appears suspicious or if it does not function properly
  • Timely reporting is very important in cases of fraud, so be sure to keep an eye on your debit and credit card transactions
  • Report the issue with the bank/local law enforcement of you suspect a ATM skimmer upon all observations
  • Unscrupulous employees of a restaurant might have handheld skimmers that you’ll never see. Or they might put out POS terminals that are really skimmers in disguise

Facts on ATM skimming attacks and trends:

  • Length of the skimming time can vary, but normally it is no more than for 24 hours
  • Criminal may stay nearby to observer proceedings and remove equipment at short notice in order to download the information
  • In some cases this data may be transferred wirelessly to other devices located nearby
  • Skimming devices are normally affixed to ATMs during low traffic hours e.g. early mornings/late evenings
  • Skimming attacks on ATMs increased at an alarming rate last year for both American and European banks and their customers, according to recent stats collected by fraud trackers
  • The trend appears to be continuing into 2016, with outbreaks of skimming activities visiting a much boarding swath of the United States than in years past
  • More than $2 billion in losses (and rising) at ATMs around the world
  • 33 percent of all the fraud incidents linked to skimming crime
  • 98 percentages of all loses resulting from skimming crime

Authored by Kiran Kanapala

TCS Enterprise Security and Risk Management

Rate this article: 
Average: 3 (2 votes)
Article category: 

There are 2 Comments

The advice given in the article is very good, however what it doesn't cater for, are disabled persons were either there dexterity or physical disablement precludes the advice given.  It's not an easy solution, though I would proffer it's down to the discipline of the card user.  
By using an ATM in a bank or within area you trust, or when shopping on line, do ensure your password is regularly changed and the complexity is always a key factor.  It could mean that you reduce your places to shop, but it's better than having your card compromised and another step towards protecting your personal information.
And why do I take this approach, I've been disabled for 12 years now.  Being 100% secure is a falacy, security is 24x7 and the biggest threat now is  the Cyber Criminal.  They have no feelings towards the individual, money is their driver!!

ATM skimmers have become very sophisticated.  Advanced skimmers can be inserted through the card slot and seat themselves internally in a way that is entirely undetectable by eye.  The hackers have a tool that allows them to insert and extract the skimmer.  As indicated in the article, a camera is an essential component of the ATM hack.  The camera has to be mounted on the ATM machine above the keypad.  A common approach it to place a laminate with embedded camera on the frame of the ATM immediately above the screen and keypad.  Such a modification would be visible.  I have taken a photo of the ATM machines that I commonly use and compare the machine and the photo.  And, of course, I do use my hand to cover my key strokes.  I do this by using my thumb only under the cover of my hand. A little slower, but only requires one hand to enter the pin.  The other self-protection practice: Check activity on every one of your accounts, everyday.  Take advantage of banking and credit card automatic alerts for transaction activity.