Regrettably, pretty much anything could happen to your credit card while it’s out of your sight. However, the “ATM Card Skimming and PIN capturing Awareness Guide”, while it can’t cover every possible permutation of illicit additives to your friendly local ATM, does at least offer some guidance as to what to look for.
This is actually a resource from 2009 that someone brought to my attention today. Skimming in this instance is nothing to do with separating milk, or speedreading, or even throwing stones across the lake. It's the not-so-gentle art of stealing credit (or debit) card data, normally in the course of a legitimate transaction.
A common example is where a waiter or shop assistant surreptitiously passes your card through a skimming device. And we frequently see stories of skimming devices or pinhole cameras illicitly installed on ATMs (Automatic Telling Machines) in order to steal both data from the card's magnetic strip and the four digit PIN used to authorize the transaction and validate the card user. Unfortunately, most people are going to have trouble identifying any but the crudest forms of such devices.
Regrettably, pretty much anything could happen to your credit card while it's out of your sight. However, the "ATM Card Skimming and PIN capturing Awareness Guide", while it can't cover every possible permutation of illicit additives to your friendly local ATM, does at least offer some guidance as to what to look for.
And if it only makes you think a little more carefully the next time you visit it, that's a Good Thing. And while you may not be able to spot changes made to an ATM you haven't used before, you might at least have more idea of what sort of suspicious objects to look for.
David Harley CITP FBCS CISSP
ESET Research Fellow
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Also blogging at: