Always Providing You With Ongoing Information

Posts tagged ‘ATM’

Spotting Card Skimmers

Image result for card skimmers

Skimmers are malicious card readers attached to the real payment terminals so that they can steal data from every person that swipes their cards. The thief often has to come back to the compromised machine to pick up the file containing all the stolen data, but with that information in hand he can create cloned cards or just break into bank accounts to steal money. Skimmers often don’t prevent the ATM or credit card reader from functioning properly, making them harder to detect.

Even if the cards have a chip, the data will still be on the card’s magnetic strip to be backwards compatible with systems that can’t handle the chip, he told us. Some merchants still require customers to use the magstripe.

How to Spot and Avoid Credit Card Skimmers

An ATM skimmer is a small device that fits over an existing card reader. A camera may be in the card reader, mounted at the top of the ATM, or even in the ceiling. Some criminals install a fake PIN pads over the actual keyboards to capture the PIN directly, bypassing the need for a camera.

Instead of skimmers, which sit on top of the magstripe readers, shimmers (harder to spot) are inside the card readers. These are very, very thin devices and cannot be seen from the outside. When you slide your card in, the shimmer reads the data from the chip on your card, much the same way a skimmer reads the data on your card’s magstripe.


check for some obvious signs of tampering at the top of the ATM, near the speakers, the side of the screen, the card reader itself, and the keyboard. If something looks different, such as a different color or material, graphics that aren’t aligned correctly, or anything else that doesn’t look right, don’t use that ATM. The same is true for credit card readers at the checkout line or at gas stations.

Whenever possible, don’t use your card’s magstripe to perform the transaction. For credit card readers in stores, feel underneath the PIN pad for a slot to insert your card and its EMV chip to be read.


Hacker Group Colbolt Hitting The ATMs


A Hacker group named Cobalt have been attacking ATMs in more than a dozen countries in Europe and Asia, including the U.K. and Russia. The “smash and grab” attacks were coordinated from unknown command centers. They don’t require any physical tampering of the ATMs but the hackers do need someone to be present when the attack happens so they can collect the wads of cash from the ATM.  Hackers attack huge numbers of ATMs at the same time because they know they can be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down.

A key threat is when cyber criminals commit fraud remotely from anywhere globally and attack the whole ATM network without being ‘on the radar’ of security services,says Dmitry Volkov, Group IB’s head of the investigation.

Skimmers -Becoming Smaller & Thinner



ATM skimmers have become miniscule and  thinner, with an extended battery life. Several miniaturized fraud devices have been pulled from compromised cash machines at various ATMs in Europe so far this year.

According to a new report from the European ATM Security Team (EAST), a novel form of mini-skimmer was reported by one country. Pictured below is a device designed to capture the data stored on an ATM card’s magnetic stripe as the card is inserted into the machine. Most card skimmers sit directly on top of the existing card slot, the newer mini-skimmers fit snugly inside the card reader throat.  These newer skimmers are difficult to detect.

The card skimmer (left) and the hidden camera, disguised as a panel above the PIN pad. Images: EAST.

Mobile-powered skimmers allow thieves to have the stolen card data relayed via text message, meaning they never need to return to the scene of the crime once the skimmer is in place. MP3-based skimmers capture card data as audio waves that specialized software can later convert into card data.

This wafer-thin overlay skimmer includes a high-quality finish.


ATM skimmers are still a problem in Europe, even though practically all cash machines there only accept cards that include so-called “chip & PIN” technology. Chip & PIN, often called EMV (short for Eurocard, MasterCard and Visa), is designed to make cards far more expensive and complicated for thieves to duplicate.

Regrettably, the United States is the last of the G-20 nations that has yet to transition to chip & PIN, which means most ATM cards issued in Europe have a magnetic stripe on them for backwards compatibility when customers travel to this country. Quite Naturally, ATM hackers in Europe will ship the stolen card data over to thieves here in the U.S., who then can encode the stolen card data onto fresh (chipless) cards and pull cash out of the machines here and in Latin America.

Countries where the ATM EMV rollout has been completed most losses have migrated away from Europe and are mainly seen in the USA, Asia-Pacific, and Latin America.

One of the easiest ways to protect yourself from ATM skimmers is to cover the PIN pad when you enter your digits.

Hackers Forcing ATMs To Spew Out Cash



Just By Texting

There is a calling for businesses and home users to upgrade their Windows XP systems. there is a new technique surfacing in Mexico whereby hackers are able to tap into ATMs by texting.

ATMs are computers that control access to cash, and about 95 percent of them run on versions of Windows XP.  Windows XP is slated end April 8, 2014 and the banking industry is facing a serious risk of cyberattacks aimed at their ATM fleet. Hackers are targeting ATMs with increasingly sophisticated techniques. 

ATM malware in Mexico, allowed hackers at ATMs to spew cash on demand using an external keyboard. That threat was named Backdoor.Ploutus. Some weeks later, it was discovered that a  new variant which showed that the malware had evolved into a modular architecture. The new variant was also localized into the English language, suggesting that the malware author was expanding their franchise to other countries. The new variant was identified as Backdoor.Ploutus.B. The variant of Ploutus  allowed hackers to  send an SMS to the compromised ATM, then walk up and collect the dispensed cash.  This technique is being used in a number of places across the world at this time.


Modern ATMs have enhanced security features, such as encrypted hard-drives, which can prevent these types of installation techniques. However, for older ATMs still running on Windows XP, protecting against these types of attacks is more challenging, especially when the ATMs are already deployed in all sorts of remote locations. Another difficulty that needs to be addressed is the physical security of the computer inside the ATMs. While the ATM’s money is locked inside a safe, the computer generally is not. Without adequate physical security for these older ATMs, the attacker has the upper hand.  

Ways to make it difficult for hackers include

  • Upgrading to a supported operating system such as Windows 7 or 8
  • Providing adequate physical protection and considering CCTV monitoring for the ATM
  • Locking down the BIOS to prevent booting from unauthorized media, such as CD ROMs or USB sticks
  • Using full disk encryption to help prevent disk tampering
  • Using a system lock down solution such as Symantec Data Center Security: Server Advanced (previously known as Critical System Protection)

No Pins , No Passwords


SmartMetric  authentication scanner is  the world’s first and only fingerprint scanner inside a credit card.The SmartMetric authentication solution that has a fully functional self powered fingerprint reader built inside a credit card, the company President says ” this is a game changing technological leap that will save financial institutions around the world Billions from fraud.”But like many so called “overnight” successes and breakthrough technologies, SmartMetric has doggedly pursued the development of this technology for a decade. The SmartMetric solution was created to work with existing ATM and in store payment machines using the EMV standard chip on card interface. A person can just  simply touche their credit card, a scan is made of their fingerprint and if it is the card owner, then the EMV chip is activated to then work in a standard ATM or retail POS machine. Saying goodbye to old passwords and pins.


3D Printing & Bank Skimmers



A gang of bank ATM skimmers in Australia used new 3D printing technology to make skimming devices that were then used to steal around $100,000. New South Wales police force has said that thousands of customers from two banks were fleeced after at least 15 ATMs were targeted.

The gang, which the police suspects is Romanian, is said to have used “sophisticated” devices using 3D printers and computer-aided design (CAD) systems. Detective superintendent Col Dyson, commander of the New South Wales fraud and cybercrime squad, told iTnews the alleged gang used one particularly “sophisticated” skimming device that was entirely self-contained and accompanied by a tiny video camera. 

Dyson said, “These devices are actually manufactured for specific models of ATMs so they fit better and can’t be detected as easily.”

He told iTnews, “Previous devices have always had wires hanging off them. One of the ones used in this case does have wires hanging off it, that’s because of the design of the ATM. But the smallest one is quite impressive in that it is contained within a resin block and sealed.”


The Next Generation ATM’s


The latest ATM’s include features like video chatting with a live teller, receiving change and more.

Bank of America’s new Teller Assist machines, for example, allow a customer to swipe a debit or credit card, driver’s license or photo ID for authentication. A live teller will then surface on the screen to assist the user.

The machines are supposed be able to perform about 80% of the services a traditional teller can.

Tag Cloud

%d bloggers like this: