ATM skimmer use on the rise

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.pnj.com/story/news/2015/02/07/atm-skimming/23060937/

Most modern consumers have been conditioned to use care with their credit
and debit card information when shopping online.

Many people use less caution with their cards in the real world, however —
a fact that enterprising thieves are learning to exploit.

Skimming, a method of stealing card information from devices such as ATMs
and gas pumps, is becoming an increasingly popular method of data theft
that already has impacted numerous local citizens.

"It's happening more and more now," Santa Rosa County Sheriff's Office
Detective Duron Nelson said of skimming incidents. "It normally happens
during the holidays and around the first of the month when retirees are
getting checks."

This week, a skimmer placed on a Navy Federal Credit Union ATM in Milton
may have jeopardized the information of many area residents.

Skimming devices are most often placed on outside ATMs in high-traffic
areas. The devices themselves are essentially overlays that fit over the
card reading slot and/or keypad on the cash machine.

When a consumer swipes their card or enters their PIN number, the fake card
reader stores information from the electronic strip. The keypad overlay, or
sometimes even tiny cameras placed directly above the keypad, captures the
users keystrokes.

"They place them there for a couple of days, then come back and remove them
to retrieve the data that's been collected," Nelson said. "Sometimes
they're sitting in the parking lot watching the data they're collecting on
a laptop."

> From there, the crooks most often sell the information — names, card
numbers, expiration dates, etc. — to other thieves through digital black
markets known as "dump sites."

"They're becoming a commodity, much like social security numbers," SRSO
Public Information Officer Rich Aloy said.

Nelson said another common scheme is for data thieves to steal inactive
gift cards from stores, then imprint them with credit card information.
Because there are no obvious signs that the cards are fraudulent, purchases
made with them don't usually raise suspicion until victims see unexplained
charges on their credit card statements.

Aloy said that being alert and proactive was the best way to avoid being
victimized.

"Take a good overall look at the machine and if anything seems off, don't
use it and notify the bank."

Federal Bureau of Investigation tips to avoid being skimmed

•Inspect the ATM, gas pump, or credit card reader before using it…be
suspicious if you see anything loose, crooked, or damaged, or if you notice
scratches or adhesive/tape residue.

•When entering your PIN, block the keypad with your other hand to prevent
possible hidden cameras from recording your number.

•If possible, use an ATM at an inside location (less access for criminals
to install skimmers).

•Be careful of ATMs in tourist areas…they are a popular target of skimmers.

•If your card isn't returned after the transaction or after hitting
"cancel," immediately contact the financial institution that issued the
card.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!