Posts

ATM Skimming rising, again

Do you know what ATM stands for? For crooks, it stands for A Thief’s Moneymaker.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813A new report from FICO says that “skimming” crimes have made their biggest spike in the past 20 years. This includes ATMs on bank premises, but of course, public ATM kiosks have seen the biggest spike.

The thief tampers with the ATM’s card receiver; the installed gadget collects card data which the thief retrieves later. “Skimming,” as this is called, also refers to capturing the PIN via a hidden camera.

With the stolen data, thieves craft phony debit cards, which they then use at ATMs or for purchases. In seconds, your bank account could be sucked dry—poof!

ATM users normally do not know that a skimming device is in place; they just swipe their card. The thief will come back to collect the skimmed data (likely in the middle of the night).

  • He downloads your data.
  • He burns it to a blank ATM card.
  • He drains your bank account first chance he gets or goes on a wild shopping spree.
  • All of this can happen within minutes to hours.
  • The hidden camera may be concealed by a brochure slot near the machine—placed there by the crook himself—with bank brochures he got from inside the bank.
  • The camera may be hidden in a nearby lighting fixture or even attached somewhere on the ATM.

Prevent Getting Skimmed

  • Use only ATMs inside banks if possible. The riskiest locations are restaurants, bars, nightclubs and public kiosks.
  • Regardless of ATM location, inspect the machine. A red flag is if the scanner’s colors don’t jibe with the rest of the machine.
  • Jiggle the card slot to see if it feels like something’s attached to it.
  • Inspect card slots at gas stations and other non-ATM devices that scan your debit card.
  • Look around for areas a camera might be hidden. Even if all seems clear, cover your hand when you enter the PIN.
  • Try to get away from using a debit card at all. At least with a credit card, you can dispute fraudulent charges before you lose any money (up to 60 days), but with a credit card, you have only a few days to do this.
  • Frequently check your bank and credit card statements.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

What is ATM Skimming?

Ever hear of a crime called skimming? It may not be as dramatic a crime as assault or Ponzi schemes, but it can cause significant problems to you as your  savings account can be wiped out in a flash.

4HPicture a scrawny nerd tampering with an automated teller machine (ATM)—the machine you use with your debit card to get cash. The thief places a device over the slot through which you slide your debit card. You have no idea it’s there. You swipe your card, and the device “skims” or reads your card’s information. In the middle of the night, the thief creeps back, removes the skimming device, downloads your data, burns it to a blank ATM card, makes a fat withdrawal and goes home with the loot. Or they could download your information from the skimmer and then use your information to make online purchases or access your account. Either way, they could clean you out before you wake up next morning!

Now, to be successful, the criminal not only needs a skimming device, they also need to attach a tiny wireless camera to capture your PIN.  These cameras are usually concealed in the lighting fixture above the keypad, in a brochure near the machine, or attached directly to the ATM.

To protect yourself from being skimmed, and generally staying safe when using your debit or credit cards, follow these tips:

  • Scrutinize the ATM. This means every ATM, even ones from your bank. You also want to check any of the card sliders like ones at gas stations, etc, especially if you’re using your debit card. If the scanner does not match the color and style of the machine, it might be a skimmer. You should also “shake”  the card scanner to see if it feels like there’s something  attached to the card reader on the ATM.
  • Cover the keypad when entering your PIN. In order to access your bank accounts, thieves need to have your card number and your PIN. By covering the keypad, you prevent cameras and onlookers from seeing your PIN.
  • Check your bank and credit card statements often. If someone does get your information, you have 60 days to report any fraudulent charges to your credit card company in order not to be charged. For a debit card, you only have about 2 days to report any suspicious activity.
  • Be choosy. Don’t use general ATMs at bars or restaurants. These are not usually monitored and therefore, can be easily tampered with by anyone.

Stay safe from skimming!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Protect your Cards from Multiple Kinds of Skimmers

PIN may sometimes stand for pilfered identification number if a hacker gets yours. And it’s easier than ever for thieves to get your PIN from an ATM, coming up with clever ways to beat security technology.

2CThe “primitive” way to get your card number is to manually place a phony card reader over an ATM card reader and then come back to retrieve it. Now it’s being done wirelessly via Bluetooth and SMS tech built into the skimmer. Coupled with wireless cameras and keypad overlays, getting your PIN is easier than ever.

They’re also brazen enough to land jobs that will grant them ATM access; they then install malware that can transmit your PIN to their personal device. PIN hacking’s memory chips and transmitters are thinner and lighter these days, making them go undetected.

The crime of ATM skimming racks up $350,000 a day.

  • Wedge skimming. An employee runs a card through a card reader tool that transfers data from the card’s stripe. The crook downloads this to his device, then burns the data onto a phony card or uses the data to place online or phone orders.
  • Fake ATMs. The crook installs the phony machine in a place that will attract users like a saucer of honey will attract bees. The machine will read and copy tons of data.
  • ATM skimming. The thief fits a card reader onto an ATM or gas pump card reader. The very inconspicuous reader may have wireless technology. This crime often comes with installation of secret pinhole cameras nearby to capture the consumer’s PIN.
  • Data intercepting. A thief poses as a gas pump serviceman and unlocks it with special keys, then plants a device inside that reads all the customer cards’ unencrypted information.
  • Point of sale swapping. The skimming device is placed at the terminal where you make a purchase. Even busy places like McDonald’s have been targeted.

These smart criminals can copy skimmed credit card data on gift cards, blank cards, hotel cardkeys or white cards, the latter being quite useful at self-checkouts. Protection comes in the form of:

  • Anti-Skim Security built into the ATM from the factory or as an add-on solution, which is installed inside the machine
  • Checking your statements every day via a smartphone app or every week online or monthly via your paper statement for suspicious transactions
  • Challenging questionable transactions right away
  • When entering your PIN, conceal the keypad with your other hand
  • After handing an employee your card, keeping a close eye on it. Don’t let the employee leave your site with your card.

A crook (often a store employee in this case) can also nab your data with a handheld skimming device like the “wedge” listed above.

The Many Faces of Skimming

  • Remember, the phony skimming device that’s attached to the card reader goes undetected by the consumer, unless the consumer is well-versed in this kind of crime and knows what to look for.
  • The crooked employee gets your information, then sells it.
  • Thieves can now get the data via wireless technology like Bluetooth, eliminating the risk of getting caught at the machine.
  • Pinhole cameras can be placed anywhere close by, such as in a brochure holder.
  • A crook may place a data capturing device over the keyboard to get PINs.

Get familiar with the ATM you use—because you should be using the same one so that it will be easier to spot something different about it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Cloud-Based ATMs Coming Your Way

Criminals often target cash machines, as well as various other automated kiosks that dispense DVDs, tickets, or other merchandise. They have discovered numerous techniques for compromising these devices. According to the ATM Industry Association (ATMIA), ATM fraud alone results in over a billion dollars in losses each year.

But manufacturers are fighting back.

Diebold, a security systems corporation and the largest ATM manufacturer in the US, has developed a prototype for a “virtualized ATM.” The new machines will utilize cloud technology to enhance security, mitigate fraud, and improve operational efficiency, delivering an optimal consumer experience.

Unlike traditional ATMs, these new machines will contain no onboard computer. Instead, each individual terminal will be connected to a single, central server, which will provide resources to a fleet of cloud-based ATMs.

This advancement will give banks and ATM operators greater control over multiple machines. Servicing the new ATMs will be easier and more efficient, with more updates and less downtime.

For consumers, the most noticeable differences will be better service and security. Over time, the savings in operating cost can be put toward upgrades in card technologies, near field communication, and possibly even biometrics.

The emergence of cloud technologies will speed up the adoption of many new, more convenient and streamlined offerings. The future is here, and it’s fun!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Security Threat Concerns ATM Industry

Today, there are over 2.2 million ATMs worldwide, and by 2015 there will be around 3 million. ATM skimming accounts for as much as 30% of all data theft. That’s about $350,000 in fraud every day in the United States alone, or more than a billion dollars a year.

The ATM Industry Association is now attempting to address the security threat posed by decommissioned ATMs, urging ATM deployers to exercise more caution when discarding old machines.

This is partially in response to recent media reports about criminals who hunt for discarded ATMs in junkyards. Old ATMs sometimes contain stored card data. Criminals can study a discarded ATM’s security features in order to improve their own skimming techniques. The faces of old ATMs can also be used to mold plastic covers for skimming devices.

In some cases, used ATMs are purchased on eBay or Craigslist, then installed anywhere with ample foot traffic. These machines, which may be powered by car batteries or simply plugged into the nearest outlet, are programmed to read and copy credit card data. I was able to find a used ATM on Craigslist, which I bought from a guy at a bar for $750.

Protect yourself from ATM skimming by checking your credit and debit card statements online at least once every two weeks, and refuting any unauthorized transactions within 30 or 60 days.

When using an ATM, pay close attention to the appearance and behavior of the machine. Look for red flags like wires, tape, unusual features, or anything that seems out of place. Try to avoid using generic ATMs in less secure locations. Whenever possible, choose an ATM at a more trustworthy and secure location, but do not drop your guard simply because an ATM is located in a bank. And when entering your PIN, use your other hand to cover the keypad.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss ATM skimming on Fox Boston. (Disclosures)

Dumb Criminal Tries To Guess PIN 50 Times

What do you do when you are picked up in a cab and the driver suspects your home will be vacant while you are gone?

The Manchester Evening News reports “A BUNGLING burglar went to the same ATM more than 50 times – to try and guess the PIN numbers of bank cards he had stolen. He thought he might strike it lucky if he kept on putting in random sets of four numbers into the ATM machine. But, with the odds of correctly guessing a card’s PIN number ranked at one in 10,000, and he never managed to make a single withdrawal.”

Police believe the dumb criminal may have used his job as a taxi driver to pick out homes where he had picked people up and he would then return to at night and break into. He pleaded guilty to eight counts of burglary and was jailed for three years four months.

Whenever I’m picked up in a cab from my home I always get on the phone and fake or make a real call and say “Bill, can you make sure when I’m gone that the Dog stays in the house? He got out again and bit someone bad, there was blood everywhere, and please set the home alarm, and I’ll only be gone a short time this is just a shuttle”.

This puts enough doubt in the mind of the cabbie to choose my home as his next target.

Get the new ADT Pulse™ system which has 5 ways to turn on/ off the system including a wired keypad, touchpad, iPhone app, remote control and a PC.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News.