09:55 AM
How Criminals Are Using ATM Skimming to Get Your PIN & Under Your Skin
Undoubtedly, online criminals continue to become more creative (and elusive) with the tactics they are employing to steal banking, credit, and personal financial information. What’s more, one of the favored approaches by these criminals -- ATM skimming -- is causing financial institutions worldwide to lose more than $2 billion annually, according to the ATM Industry Association.
How easy is skimming? Inserting an ATM card scanner that reads banking information exactly as an ATM does, criminals can extract sensitive credit card information by reading the information from the magnetic stripe on the back of the card and recording, often with small cameras, the PIN information. The ATM Industry Association notes that these attacks have jumped by 12 percent since 2013, making it the No. 1 ATM crime globally.
Why the spike?
One would think that hackers have shifted their focus to the mobile payments world as consumers gravitate toward a more mobile-everything lifestyle. However, criminals find continued, even growing, interest in ATM skimming because it’s very hard to catch them. Unless caught in the act, it is easy for criminals to stay clear from authorities as they are constantly moving from ATM to ATM, all while cashing in incredible amounts of private banking information and customer PIN codes.
Understanding the trends and types of ATM skimming
Criminals are becoming increasingly sophisticated in creating thinner and smaller skimming devices that are harder to detect. They are also finding ways to make skimmers easier to install, and cameras to monitor PIN code input are becoming smaller and easier to hide. The innovation for thinner and smaller devices can be found in various forms, but there are four growing variations that banks and retailers should be particularly aware of:
- Bluetooth-enabled skimmers. This form has prominently cropped up in the last few years, and it's a unique variant because the device includes a Bluetooth chip that enables thieves to retrieve stolen data wirelessly. This means the attackers don’t even have to remove the skimmers physically to get the stolen data.
- Mini-skimmers. A mini-skimmer is designed to slip inside an NCR ATM’s card acceptance slot, and, with a miniaturized pin-hole camera attached to the side of the ATM, it can record each customer’s PIN code. While this is more commonly found in Europe, we anticipate this form will soon makes its way to the US.
- Stereo skimming. Stereo skimming is an old skimming technique that’s made a comeback with the advent of MP3 technology. In this attack, criminals record the data used on the magnetic stripe using audio technology.
- 3D-printed skimmers. 3D printers have been used by some criminals to create customized and very hard to detect skimmer devices. These specialized devices fit over the existing card reader, and because they are 3D-printed specifically for the ATM or other card reader device, like at a gas pump, they are very hard for users to detect.
Combatting ATM skimming
While mobile and online payments are certainly on the rise and the chosen method for some, it is unlikely consumers will ever completely stop using physical cards. Because of this, ATM skimming will only continue to become more sophisticated, making it imperative for banks and vendors to take action to mitigate and minimize the risk now.
New developments such as card readers that require customers to rotate their ATM cards 90 degrees or migrating to a chip-and-pin physical card solution, which can help stop counterfeit card fraud, are two alternatives to consider. In a more traditional sense, reminding users to be cautious with their ATM and debit transactions can also be an easy and effective way to flag suspicious ATM skimming activity. It can be as simple as checking to see if the card reader is secure or layered with a fraudulent device or even covering the PIN code input with a hand during their transaction.
For merchants, take a look at the recently released PCi Security Standards Council information supplement for best-practices on skimming prevention.
Diana Kelley is an internationally recognized information security expert, speaker, strategic advisor, market analyst and writer. She has over 20 years of IT security experience including: risk management development, compliance advisement, project management, systems and ... View Full Bio