ATM skimming: how to recognise card fraud

Give it a wiggle

In Boston, law enforcement officials arrested three men in January accused of being part of an international crime effort to steal money from ATMs around Eastern Massachusetts.

In Florida, one man was arrested this month, and federal officials are seeking three others, in an ATM-skimming scheme that targeted several machines around the Tampa area and netted criminals thousands of stolen dollars.

In Europe, the European ATM Security Team reported a 129 percent increase in card skimming incidents in 2008 over the previous year. A total of 10,302 cases were reported.

Stories about ATM skimming schemes have become common in news headlines lately. According to the Secret Service, the crime is responsible for about $350,000 of monetary losses each day in the United States and is considered to be the number one ATM-related crime. Trade group Global ATM Security Alliance estimates that skimming costs the U.S.-banking industry about $60 million a year.

What is skimming?

According to the ATM Industry Association, card skimming, which can also occur on other types of point-of-sale devices, is defined as 'the unauthorized capture of magnetic stripe information by modifying the hardware or software of a payment device, or through the use of a separate card reader.' Crooks often also capture PIN data and then create dummy cards in order to drain a victim's account. The funds are often not taken until several months later, according to Terrie Ipson, an ATM security expert with Diebold (Read about how one ATM skimming scheme was foiled at last year's DefCon conference).

"A lot of skimming attacks are conducted by highly-organized groups," said Ipson. "The card [data] could be held for several months."

The effects of this crime have implications for both consumers, who lose their money, and businesses, who often suffer a blow to their image, or even their reputation for security, if one of their machines is affected. ATM security experts urge customers using machines, and businesses maintaining them, to develop secure habits, and be on the look out for the following scams and tactics often used in skimming schemes:

Look for fake readers placed over card slots

Ipson recommends using an ATM you are familiar with so you know what it should look like and check it to make sure that it is solid and sturdy. Criminals often place fake readers that look like real ones over the slot where the card is placed or swiped. This captures the card information. But if you have your eye out for them, they are sometimes easy to spot.

"Put your hands on it and see if you can wiggle it," advises Ipson.

Criminals will sometimes also place signs that say "No Tampering" in machines to discouraged concerned users who sense something amiss from trying to explore further. Other fake machinery may also include a PIN pad placed over the real one in order to capture PIN information (Read about a Russian plot that involved hacking ATMs with trojan software).

Cover your PIN

Another way skimmers get PIN info is by installing small, hidden cameras somewhere inside the machine. They can be in the wall, or even hiding inside marketing materials, like pamphlets which appear to be innocently sitting off to the side.

Ipson says a good habit to get into is covering your PIN with your hand, even when you are alone. This may prevent a camera from detecting it and may also stop another type of scam: Shoulder surfing, which is done by a person who lurks nearby that is part of the scam who records your PIN for later use.

Avoid overly helpful people

Another way crooks get PIN numbers is by hanging out near or inside an ATM and offering help when the unit fails to "work." The scam involves capturing the card and the victim is perplexed as to why the machine is having problems. A helpful bystander will offer to help and ask for the person's PIN. Of course, once they have it, the card is as good as theirs.

Monitor accounts regularly

Failing all else, if you are hit by a skimming scam, your best defense is awareness of your own financial accounts. Regular monitoring will keep you on top of any suspicious activity that may occur as the result of a compromised account. Reporting fraudulent activity as quickly as possible gives you the best possible chance to recovering your losses.

Read more about data protection in CSOonline's Data Protection section.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags ATMcredit card skimming

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joan Goodchild

CSO (US)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?