ATM Skimming rising, again

Do you know what ATM stands for? For crooks, it stands for A Thief’s Moneymaker.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813A new report from FICO says that “skimming” crimes have made their biggest spike in the past 20 years. This includes ATMs on bank premises, but of course, public ATM kiosks have seen the biggest spike.

The thief tampers with the ATM’s card receiver; the installed gadget collects card data which the thief retrieves later. “Skimming,” as this is called, also refers to capturing the PIN via a hidden camera.

With the stolen data, thieves craft phony debit cards, which they then use at ATMs or for purchases. In seconds, your bank account could be sucked dry—poof!

ATM users normally do not know that a skimming device is in place; they just swipe their card. The thief will come back to collect the skimmed data (likely in the middle of the night).

  • He downloads your data.
  • He burns it to a blank ATM card.
  • He drains your bank account first chance he gets or goes on a wild shopping spree.
  • All of this can happen within minutes to hours.
  • The hidden camera may be concealed by a brochure slot near the machine—placed there by the crook himself—with bank brochures he got from inside the bank.
  • The camera may be hidden in a nearby lighting fixture or even attached somewhere on the ATM.

Prevent Getting Skimmed

  • Use only ATMs inside banks if possible. The riskiest locations are restaurants, bars, nightclubs and public kiosks.
  • Regardless of ATM location, inspect the machine. A red flag is if the scanner’s colors don’t jibe with the rest of the machine.
  • Jiggle the card slot to see if it feels like something’s attached to it.
  • Inspect card slots at gas stations and other non-ATM devices that scan your debit card.
  • Look around for areas a camera might be hidden. Even if all seems clear, cover your hand when you enter the PIN.
  • Try to get away from using a debit card at all. At least with a credit card, you can dispute fraudulent charges before you lose any money (up to 60 days), but with a credit card, you have only a few days to do this.
  • Frequently check your bank and credit card statements.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

What is ATM Skimming?

Ever hear of a crime called skimming? It may not be as dramatic a crime as assault or Ponzi schemes, but it can cause significant problems to you as your  savings account can be wiped out in a flash.

4HPicture a scrawny nerd tampering with an automated teller machine (ATM)—the machine you use with your debit card to get cash. The thief places a device over the slot through which you slide your debit card. You have no idea it’s there. You swipe your card, and the device “skims” or reads your card’s information. In the middle of the night, the thief creeps back, removes the skimming device, downloads your data, burns it to a blank ATM card, makes a fat withdrawal and goes home with the loot. Or they could download your information from the skimmer and then use your information to make online purchases or access your account. Either way, they could clean you out before you wake up next morning!

Now, to be successful, the criminal not only needs a skimming device, they also need to attach a tiny wireless camera to capture your PIN.  These cameras are usually concealed in the lighting fixture above the keypad, in a brochure near the machine, or attached directly to the ATM.

To protect yourself from being skimmed, and generally staying safe when using your debit or credit cards, follow these tips:

  • Scrutinize the ATM. This means every ATM, even ones from your bank. You also want to check any of the card sliders like ones at gas stations, etc, especially if you’re using your debit card. If the scanner does not match the color and style of the machine, it might be a skimmer. You should also “shake”  the card scanner to see if it feels like there’s something  attached to the card reader on the ATM.
  • Cover the keypad when entering your PIN. In order to access your bank accounts, thieves need to have your card number and your PIN. By covering the keypad, you prevent cameras and onlookers from seeing your PIN.
  • Check your bank and credit card statements often. If someone does get your information, you have 60 days to report any fraudulent charges to your credit card company in order not to be charged. For a debit card, you only have about 2 days to report any suspicious activity.
  • Be choosy. Don’t use general ATMs at bars or restaurants. These are not usually monitored and therefore, can be easily tampered with by anyone.

Stay safe from skimming!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

ATM Security Threats Increase

ATM skimming alone is responsible for $350,000 of fraud daily exceeding a billion dollars in losses annually.

A recent news report of a skimming scam in Long Island, N.Y., netted thieves more than $200,000 from ATMs at five branches.

Skimming today is far more sophisticated than in the past. Skimmers can include blue tooth and texting technology that send the data to the criminal anywhere. Keypads can be compromised by devices that overlay the exiting pad and transfer the data remotely.

ATM scams and fraud go beyond skimming to crimes that are very physical such as ram raiding to remote malicious software hacks.

During the Black Hat conference a hacker demonstrated how he forced three ATMs to dispense funds by exploiting the machines’ weaknesses in the computers that operate the ATMs. He purchased machines online and discovered that the physical keys were the same for all ATMs of that type made by that manufacturer.  He used the keys to unlock a compartment of the ATM that had standard USB slots. He then inserted a program he wrote for one of the machines, commanding it to dispense all of its vault cash.

Bankinfosecurity.com published “7 Growing Threats to Financial Institutions”.

#1 Skimming; Hardware readily available online that is attached to the face of ATM records user card information and pin codes. In this case you may still be able to perform a transaction.

#2 Ghost ATMs; A card reader is blocked off and replaced with hardware that supersedes the machine and records all your data without allowing a transaction. The machine reads “Can’t complete transaction”.

#3 Dummy ATMs; In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read data. The machine might be powered by car batteries or plugged in the nearest outlet.

#4 Ram Raids; ATMs built into a wall or stand alone are being rammed by a truck and/or wrapped with chain and pulled out then loaded onto a truck. Once removed the thieves blow torch the machine taking the cash. This is a hot topic in Mexican banks, buy certainly happens everywhere. A bank would be smart to install battery backed GPS in any machine.

#5 PIN ID’s; Sophisticated criminal hackers break into a database or skim magnetic strips. They then go to an online banking site with a hacking software that plugs in various well known PINs. These PINs might be consecutive numbers, people names, pet names, birthdates, or other various simple pass phrases people use. When it finds a match it gives the criminal access to your account.

#6 Automated PIN Changes; Criminals go through the banks telephone banking system to change the customers PIN. They may try to change the customers ANI (Automatic Number Identification) is a system utilized by telephone companies to identify the DN (Directory Number) of a caller. This might be accomplished via “Caller ID Spoofing”. They use publicly available data on the card holder such as name, card account number and last four digits of the social security number to “verify” them as the banks customer.

#7 SMS Attacks; AKA Smishing or Phexting – phish texting. Customers receive a text from a bank on their Smartphone requesting login information.

#8 Malware or Malicious Software; Researchers found a virus that specifically infects ATMs and takes over the machine logging card numbers and pins.

To help combat ATM skimming, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models.

ADT’s Anti-Skim Solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

How to protect yourself from ATM skimming;

  1. First and foremost; Pay attention to your statements every two weeks. Refute unauthorized transactions within a 30-60 day time frame.
  2. Pay close attention to everything you do at an ATM. Look for “red flags”, anything out of place, your card sticks, odd looking configurations on the ATM, wires, two sided tape.
  3. Use strong PINs, uppercase lower case, alpha and numeric online and when possible at an ATM and for telephone banking.
  4. Don’t reply to phishing or phexting emails. Just hit delete.
  5. Don’t just use “any” ATM. Choose ATMs at locations that are “more secure” than in the middle of nowhere. Do not drop your guard if the ATM is at a bank branch.

Robert Siciliano personal security expert to Home Security Source discussing ATM skimming on Fox Boston. Disclosures.