ATM skimming: how to recognise card fraud

Give it a wiggle

In Boston, law enforcement officials arrested three men in January accused of being part of an international crime effort to steal money from ATMs around Eastern Massachusetts.

In Florida, one man was arrested this month, and federal officials are seeking three others, in an ATM-skimming scheme that targeted several machines around the Tampa area and netted criminals thousands of stolen dollars.

In Europe, the European ATM Security Team reported a 129 percent increase in card skimming incidents in 2008 over the previous year. A total of 10,302 cases were reported.

Stories about ATM skimming schemes have become common in news headlines lately. According to the Secret Service, the crime is responsible for about $350,000 of monetary losses each day in the United States and is considered to be the number one ATM-related crime. Trade group Global ATM Security Alliance estimates that skimming costs the U.S.-banking industry about $60 million a year.

What is skimming?

According to the ATM Industry Association, card skimming, which can also occur on other types of point-of-sale devices, is defined as 'the unauthorized capture of magnetic stripe information by modifying the hardware or software of a payment device, or through the use of a separate card reader.' Crooks often also capture PIN data and then create dummy cards in order to drain a victim's account. The funds are often not taken until several months later, according to Terrie Ipson, an ATM security expert with Diebold (Read about how one ATM skimming scheme was foiled at last year's DefCon conference).

"A lot of skimming attacks are conducted by highly-organized groups," said Ipson. "The card [data] could be held for several months."

The effects of this crime have implications for both consumers, who lose their money, and businesses, who often suffer a blow to their image, or even their reputation for security, if one of their machines is affected. ATM security experts urge customers using machines, and businesses maintaining them, to develop secure habits, and be on the look out for the following scams and tactics often used in skimming schemes:

Look for fake readers placed over card slots

Ipson recommends using an ATM you are familiar with so you know what it should look like and check it to make sure that it is solid and sturdy. Criminals often place fake readers that look like real ones over the slot where the card is placed or swiped. This captures the card information. But if you have your eye out for them, they are sometimes easy to spot.

"Put your hands on it and see if you can wiggle it," advises Ipson.

Criminals will sometimes also place signs that say "No Tampering" in machines to discouraged concerned users who sense something amiss from trying to explore further. Other fake machinery may also include a PIN pad placed over the real one in order to capture PIN information (Read about a Russian plot that involved hacking ATMs with trojan software).

Cover your PIN

Another way skimmers get PIN info is by installing small, hidden cameras somewhere inside the machine. They can be in the wall, or even hiding inside marketing materials, like pamphlets which appear to be innocently sitting off to the side.

Ipson says a good habit to get into is covering your PIN with your hand, even when you are alone. This may prevent a camera from detecting it and may also stop another type of scam: Shoulder surfing, which is done by a person who lurks nearby that is part of the scam who records your PIN for later use.

Avoid overly helpful people

Another way crooks get PIN numbers is by hanging out near or inside an ATM and offering help when the unit fails to "work." The scam involves capturing the card and the victim is perplexed as to why the machine is having problems. A helpful bystander will offer to help and ask for the person's PIN. Of course, once they have it, the card is as good as theirs.

Monitor accounts regularly

Failing all else, if you are hit by a skimming scam, your best defense is awareness of your own financial accounts. Regular monitoring will keep you on top of any suspicious activity that may occur as the result of a compromised account. Reporting fraudulent activity as quickly as possible gives you the best possible chance to recovering your losses.

Read more about data protection in CSOonline's Data Protection section.

Join the CSO newsletter!

Error: Please check your email address.

Tags ATMcredit card skimming

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joan Goodchild

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts