Security

09:55 AM
Diana Kelley
Diana Kelley
Commentary
50%
50%

How Criminals Are Using ATM Skimming to Get Your PIN & Under Your Skin

Skimming attacks have jumped by 12 percent since 2013.

Undoubtedly, online criminals continue to become more creative (and elusive) with the tactics they are employing to steal banking, credit, and personal financial information. What’s more, one of the favored approaches by these criminals -- ATM skimming -- is causing financial institutions worldwide to lose more than $2 billion annually, according to the ATM Industry Association.

How easy is skimming? Inserting an ATM card scanner that reads banking information exactly as an ATM does, criminals can extract sensitive credit card information by reading the information from the magnetic stripe on the back of the card and recording, often with small cameras, the PIN information. The ATM Industry Association notes that these attacks have jumped by 12 percent since 2013, making it the No. 1 ATM crime globally.

Why the spike?
One would think that hackers have shifted their focus to the mobile payments world as consumers gravitate toward a more mobile-everything lifestyle. However, criminals find continued, even growing, interest in ATM skimming because it’s very hard to catch them. Unless caught in the act, it is easy for criminals to stay clear from authorities as they are constantly moving from ATM to ATM, all while cashing in incredible amounts of private banking information and customer PIN codes.

Understanding the trends and types of ATM skimming
Criminals are becoming increasingly sophisticated in creating thinner and smaller skimming devices that are harder to detect. They are also finding ways to make skimmers easier to install, and cameras to monitor PIN code input are becoming smaller and easier to hide. The innovation for thinner and smaller devices can be found in various forms, but there are four growing variations that banks and retailers should be particularly aware of:

  • Bluetooth-enabled skimmers. This form has prominently cropped up in the last few years, and it's a unique variant because the device includes a Bluetooth chip that enables thieves to retrieve stolen data wirelessly. This means the attackers don’t even have to remove the skimmers physically to get the stolen data.
  • Mini-skimmers. A mini-skimmer is designed to slip inside an NCR ATM’s card acceptance slot, and, with a miniaturized pin-hole camera attached to the side of the ATM, it can record each customer’s PIN code. While this is more commonly found in Europe, we anticipate this form will soon makes its way to the US.
  • Stereo skimming. Stereo skimming is an old skimming technique that’s made a comeback with the advent of MP3 technology. In this attack, criminals record the data used on the magnetic stripe using audio technology.
  • 3D-printed skimmers. 3D printers have been used by some criminals to create customized and very hard to detect skimmer devices. These specialized devices fit over the existing card reader, and because they are 3D-printed specifically for the ATM or other card reader device, like at a gas pump, they are very hard for users to detect.

Combatting ATM skimming
While mobile and online payments are certainly on the rise and the chosen method for some, it is unlikely consumers will ever completely stop using physical cards. Because of this, ATM skimming will only continue to become more sophisticated, making it imperative for banks and vendors to take action to mitigate and minimize the risk now.

New developments such as card readers that require customers to rotate their ATM cards 90 degrees or migrating to a chip-and-pin physical card solution, which can help stop counterfeit card fraud, are two alternatives to consider. In a more traditional sense, reminding users to be cautious with their ATM and debit transactions can also be an easy and effective way to flag suspicious ATM skimming activity. It can be as simple as checking to see if the card reader is secure or layered with a fraudulent device or even covering the PIN code input with a hand during their transaction.

For merchants, take a look at the recently released PCi Security Standards Council information supplement for best-practices on skimming prevention.

Diana Kelley is an internationally recognized information security expert, speaker, strategic advisor, market analyst and writer. She has over 20 years of IT security experience including: risk management development, compliance advisement, project management, systems and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
10/27/2014 | 9:33:10 PM
Re: Millions of ATMs
Yeah those skimming devices are supposed to be very cheap, so it's a pretty easy set up for them.
Byurcan
50%
50%
Byurcan,
User Rank: Author
10/24/2014 | 11:02:24 AM
Re: Millions of ATMs
Yeah, it definitely does not get much hype in the news emdia, as compared to data breaches, cyber attacks, etc. But obviously it is still a very lucrative business for criminals.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
10/23/2014 | 4:49:15 PM
Re: Millions of ATMs
Raising consumer awareness would probably help. I feel like people are very unaware of ATM skimming even though it is one o fthe more common forms of fraud.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
10/23/2014 | 4:09:40 PM
Millions of ATMs
it's amazing that skimming continues to grow, despite all of the efforts of banks. with millions of ATMs to protect, it is easy to see how this type of fraud can continue.
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.