New ‘slimline’ ATM skimmers are proving far harder to spot – with some of the hi-tech models remaining in place for up to five days before banks are alerted, and equipped with hi-tech extras such as cameras to spy on users’ PIN codes.
New ‘slimline’ ATM skimmers are proving far harder to spot – with some of the hi-tech models remaining in place for up to five days before banks are alerted, according to a report released by a European ATM security group.
The report is based on crime updates from 19 countries in Europe – and highlights a technological arms race which has seen card fraud migrate to areas such as the U.S.
In four European countries, criminal gangs are using malicious software to overwhelm ATMs – and one European country has seen machines uprooted and their internal workings removed and rebuilt by criminals before being replaced. These machines are known as “ghost terminals.”
Red Orbit reports that some hi-tech models of ATM skimmer even come with a tiny concealed camera which monitors button-presses on the PIN keypad, so the device can steal card data and PIN numbers at once.
Veteran security reporter Brian Krebs dissected some of the latest ATM skimmers on his blog, Krebs on Security – noting that as well as cameras and housings made of stealthy translucent plastic, the devices often came with mobile phone parts attached to transmit the data from the ATM instantly.
“New versions of insert ATM skimmers (ATM skimmers placed inside the card reader throat) are getting harder to detect,” the European ATM Security Team revealed in its second European Fraud Update for 2014.
ATM Skimmers equipped with cameras and transmitters
Four countries reported the use of malware to compromise payment terminals – but overall, the EAST group reported that fraud monitoring and detection continued to be effective in Europe.
The group said, “European fraud counter-measures such as Geo-blocking, fraud monitoring capabilities and fraud detection continue to improve and most ATM related card skimming losses occur outside Europe and are migrating away from EMV Chip liability shift areas.”
Losses are now concentrating in other territories outside Europe – with the USA the top location for such attacks, followed by Thailand and Indonesia.
ESET Senior Research Fellow David Harley offers a detailed commentary on some of the technological issues underlying card fraud, particularly in America in a We Live Security blog post this month.