How to Spot (and Stop) ATM Skimmers

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.tomsguide.com/us/how-to-spot-atm-skimmers,news-17615.html


Card skimming at automated teller machines (ATMs) is one of the most
"significant problems facing the credit-card industry" today, according to
an advisory bulletin posted online by the U.S. Secret Service.

But skimming at ATMs is as much of a problem for the customer as it is for
banks. Unless you keep your money in an old sock or under your mattress,
you probably use ATMs on a regular basis.

When you go to take a few bucks out of the ATM, the last thing you want to
worry about is some bad guy getting a hold of your checking or savings
account information and your personal identification number (PIN).

If that does happen, and you're a consumer in the United States, you'll be
reimbursed for money stolen as a result, as long as you report the theft to
the bank as soon as possible. Business customers, protected by less
regulation, may have a harder time recouping their losses.

Washington, D.C.-based security expert Brian Krebs, author of the Krebs on
Security blog, said that in 2008 — the last year for which the Secret
Service released relevant figures — estimated annual losses to ATM fraud
were about $1 billion. Those totals are almost certainly higher today.

MORE: 13 Security and Privacy Tips for the Truly Paranoid

How ATM skimmers work

Like a legitimate card reader, an ATM skimmer captures the card's data,
including the account number associated with the card.

"The typical ATM skimmer is a device that fits over the top of a card
acceptance slot, and in some cases inside the card acceptance slot," said
Krebs. It extracts "the information stored in themagnetic stripe on the
back of the card," he said.

Most of the time, scammers who glue skimmers onto an ATM will also place a
hidden camera pointed at the ATM's keyboard, or PIN pad, to record bank
customers entering their PINs.

"It may actually be built into the card overlay device," Krebs said. "It
might be a little hidden camera pointing toward the PIN pad, or [the
scammers] will put a hidden camera directly above or to the side of the PIN
pad, pointing down at it."

But Krebs said there's another type of PIN capture device to be aware of —
one that's even sneakier than a typical skimmer-linked camera.

"That's a PIN pad overlay," he said, referring to a flexible piece of
circuit-embedded plastic that fits perfectly over the ATM's genuine PIN pad.

"Those are quite a bit harder to detect," Krebs said. "The overlay itself
is the entire bottom panel, and it records your PIN presses and passes
[them] on to the machines underneath."

Wireless data exfiltration

Skimmers use different communications technologies to get the stolen data
to the card thief. The most basic skimmer has at least one flash-memory,
battery-powered data-storage device somewhere in it.

"The thief has to come back and retrieve that device in order to get the
stolen data," Krebs said.

Yet, as with many other technologies, ATM skimmers are going wireless.

"Bluetooth … is increasingly common in some of these skimmers," Krebs said.
It "can transmit anywhere from a few dozen to a few hundred meters away
from the ATM, so the thief could be across the street in a hotel, or in the
parking lot in a car, and they don’t have to retrieve the device," he added.

Some skimmers even contain small cellular-network chips, and can send text
messages to the thieves' mobile phones. That way, the criminal behind the
skimmer can be anywhere in the world whenever a new card is swiped.

Once all the necessary data is captured, the stolen information is sold in
criminal bazaars, and then imprinted on counterfeit credit or debit cards
and used anywhere in the world — until the card-issuing bank catches on.

How to stay safe from ATM skimmers

How do you stop the bad guys from capturing your PIN? If you're confronted
by a hidden camera, it's pretty simple: Cover your hand when you enter the
number sequence on the PIN pad.

However, that technique won't work against a PIN-pad overlay, Krebs said,
adding that thieves don't often use PIN-pad overlays because they're very
expensive.

Krebs said you have a greater chance of being the victim of an ATM skimmer
on the weekend than during the week, because criminals typically install
their devices on Saturdays or Sundays after banks have closed. They don't
want savvy customers finding their skimmers and alerting bank employees
immediately.

Here are five ways to make sure you're not a victim of ATM skimmers.

1. Look around the ATM vestibule for places where a scammer could hide a
tiny camera, such as a brochure rack, Krebs said.

2. Take a close look at the keypad. Try to see if there is a fake overlay
on top of it. Maybe the keypad looks thicker than usual. You probably won't
be able to detect the really top-notch PIN-pad overlays, but it doesn't
hurt to check.

3. Look over the entire ATM for parts that don't match in styling, color or
material. Krebs said scammers sometimes place a fascia (a large
form-fitting mold) over the business area of the original ATM. The fascia
will contain the skimmer and camera.

4. Try to jiggle the card reader. If it moves, so should you — to another
ATM.

5. Cover your hands when you enter your PIN. It's one of the easiest and
most effective ways to protect yourself from an ATM scammer's hidden camera.

The best way, however, can't be taught.

"It helps to trust your gut," Krebs said. "If you see something that
doesn't look right, consider going to another ATM."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.