Slashdot Mirror

← Back to Stories (view on slashdot.org)

Visual Autopsy Of An ATM Card Skimmer

Posted by timothy on from the picture-taker-worth-a-thousand-bucks dept.

Bert64 writes "A chap at work was recently the victim of an ATM card skimmer which took his card details, cloned them and allowed the fraudster to take 550 pounds out of his account. Having tried to explain how the fraudsters can hide a camera and card reader around the ATM, he decided it would be easier to show one of them after a few drinks down the pub. He was a little surprised to find that the machine he chose had a card reader and camera in place. These were removed and analysed, we believe we have reclaimed about 800 pounds worth of kit. Result: Pictures."

17 of 880 comments (clear)

  1. Mirror in case of /. by mixy1plik · · Score: 4, Informative
    This is a bit creepy. I always wonder when I hit those run-down ATMs in the corner of convenience stores if I might have my card nabbed.
    I've stopped using some of the sketchier ATMs because of this.


    MIRROR HERE IN CASE OF A /.'ING

    1. Re:Mirror in case of /. by Blymie · · Score: 4, Informative

      In Canada, it doesn't matter whether or not the bank "wants to press charges". If a crime has been committed, the police can proceed without anyone pressing anything.

      Why?

      Well, a prime example is if the mob is threatening someone to "withdraw" his charge. In Canada, it doesn't matter _what_ the victim says, if it looks like a crime took place, charges will be laid and courts will be involved.

      I imagine this "story" about an immigrant was one of those mouth to ear stories, that tends to get altered every time it is repeated.

  2. This is how Skimmer works by maliabu · · Score: 5, Informative

    in case you're wondering:

    To accomplish this task, the thief places an electronic "skimmer" -- a card swipe device that reads the information on the card's magnetic strip -- on the ATM machine. Attached to the device, or placed discreetly elsewhere, is a small camera that captures the customer's PIN number when they enter it. The information is either collected by the device, or transmitted to a remote receiver. The thief then takes the codes and creates a counterfeit ATM card in order to empty the victim's bank account. Some skimmers can even capture the information and send it to the ATM at the same time. Since the machine works normally, the victim is unaware that they have just given a thief the key to their account. copied from here.

  3. Re:Makes you wonder by mattjb0010 · · Score: 4, Informative

    Is there any way to get your money back, or is it gone forever?

    In the terms of my credit/debit card it says if I notify the bank within a reasonable time period of unauthorized transactions I get the money back. I suspect most banks have a similar deal.

  4. Another interesting link: by amarodeeps · · Score: 5, Informative

    Saw this recently on memepool.com:

    http://www.utexas.edu/admin/utpd/atm.html

  5. Re:Makes you wonder by big_groo · · Score: 5, Informative
    This happened to my friends - luckily they were both out of town at the time, and *used* each of their bank cards. The bank gave them an automatic, free overdraft for the amount taken, but it took them about a week to get the money back. (TD Canada Trust, in case you were wondering)

    Banks are insured, y'know...but I have to wonder, if they weren't out of town (and able to prove it) would they have been so forthcoming?

  6. Re:Here is what I do by Abcd1234 · · Score: 4, Informative

    Actually, correct me if I'm wrong, but with credit cards, my understanding is that you get nailed for interest the *second* you pull the cash out, unlike purchases, where the interest is calculated at the end of the month.

  7. Re:This only works with poorly designed ATMs by Giddeon · · Score: 5, Informative

    If you look at the site amarodeeps linked to in his comment, a cardstealer like the one shown would be able to steal swipes without too much difficulty. If you haven't seen the ATM before and don't know what it is supposed to look like, it will look quite natural. Most folks don't use the same ATM often enough to remember that the card guides on the sides weren't there last time.

  8. Re:Easy as Ebay by rot26 · · Score: 5, Informative

    Not brain surgery but more sophisticated than a tape head connected to a serial port. Since the speed of the card over the head is expected to have a wide speed range, the reader has to have its own adaptive clock circuitry in it to decode the card, and THEN it's converted to rs-232 or CMOS level signals.

    --



    To ensure perfect aim, shoot first and call whatever you hit the target
  9. Re:Here is what I do by mcheu · · Score: 5, Informative

    1. If you can, go to a supermarket or any store nearby that gives you cashback on your debit card. I can buy a pack of gum instead of paying stupid ATM fee AND get cashback with NO risk.

    You then end up paying a debit fee instead. Admittedly, it's lower than a 3rd party ATM fee, but it's still more expensive than going to an ATM owned by your home bank. Further, a lot of stores don't want to do this, because:

    a) In one small pissant purchase, you've cleared out the register of cash, which makes it difficult to give change to the next customer.

    b) The store has to pay a debit fee with each transaction. Whoopie, you've bought an 80cent pack of gum (on which only 20 cents profit at most), and are asking the guy to incur 50cents to 75cents worth of debit fees on his end. This is why some stores have a minimum purchase requirement to use debit.

    Also, your definition of "no risk" may not be the same as mine. There have been instances in Canada where some of these scammers have set up shop in a real shop. This is how it's done. The first time they swipe your card through, they swipe it through a slot near the real one, and claim the card was rejected or didn't read right. The second time, the card is swiped through the real one and a the real transaction happens. All the while, the "clerk" is watching you enter your PIN, and he's got a copy of your card now. Perhaps this is why the store doesn't have a problem with giving you a cash advance and being hit by the vendor debit fees on such a small item.

    I'm not saying that every instance where your card gets rejected is a scam, since it does happen that a card will be unreadable or rejected. I'm just saying there's still some risk involved.

    2. Use your credit card to withdraw cash (but make sure that you pay it in the next billing cycle as cash withdrawls have very high APR) as the liability on credit cards is very low.

    What, do you work for a credit card company? Unlike credit card purchases which hit you with interest only if you pay late, cash advances put interest on what you owe the instant you get the cash. You've already mentioned the high interest rate. Even if you pay quickly and on time, a credit card advance will have a nasty surprise attached.

  10. Recent spat in Canada by kbahey · · Score: 3, Informative

    These skimming devices were commonly detected in Canada (Ontario) during the last year or so.

    They are becoming more and more sophisticated, and the police busted several people for it, and issued precautions for the public:

    - Try to use machines in the bank branch you deal with
    - Try to avoid machines in public places (malls, convenience stores, ...etc)
    - Report anything that looks suspicious on a machine

    --
    2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
  11. Re:shouldn't ATM machines be designed better? by odsign · · Score: 3, Informative

    That's the thing. The ATM's don't read it. The ATM says, 'Hey, bucko. Encrypt this with your private key.' The card does so, the ATM decrypts it with the public key, and when the result is the same, you know it's the right card, without anybody except the card knowing its key.

  12. Skimmer with Radio Transmitter by csk_1975 · · Score: 3, Informative
    The ones in Hong Kong use radio transmitters instead of flash cards. Here is a picture of one installed on an ATM. Pretty hard to see, huh? Also here is the police report:-

    Crime Information : Skimming Device Installed in ATM (TW RN04000499)

    Location : Two ATMs outside Hang Seng Bank, Tai Ho Road.

    Facts: On 2004.01.05, ATM maintenance worker of Hang Seng Bank conducted a routine check and confirmed that 2 metal covers (of same design) were being 'fitted' onto the top ledges of two of the ATM machines.

    The Skimming Device:-

    • i) the metal covers, 60cm x 4cm x 2cm in size, painted in the same colour as the ATM, were installed perfectly onto the top ledge of the ATM panel;
    • ii) a pinhole camera lens was installed inside the metal cover facing the screen panel with a view to reading the pin number. This was connected to a transmitter which has an emitting range of about 200M and could work for 9-12 hours with three 9-watt batteries, and
    • iii) a false card reader was believed to have been fixed to the card slot of the ATM but had been removed prior to being discovered.
    • iv) This is the first time that a device of this nature was placed in such a busy location. The device was first reported by a bank customer on 2004.01.04 but no action was taken by the bank until 2004.01.05. CCB will follow-up on this issue.
  13. Re:An idea by glorf · · Score: 4, Informative

    Because the Americans with Disabilities Act forces even drive-thru ATMs to have braille. Never mind the fact that the on screen displays aren't standardized and the prompts point to different buttons at different banks. Any system you come up with that requires a sighted person to operate will not work.

  14. Re:Here is what I do by cyt0plas · · Score: 5, Informative

    1) Some merchants charge fees. Many don't as it's cheaper than credit.

    2) Some merchants offer cashback as an _incentive_ to get your business.

    3) If you clean out the register at a medium to large shop (small shops can be different), you've saved them the trouble. That's that much less cash for them to send out to be converted electronically. Also, it's less cash to send out on armored cars (depending on the size of the merchant).

    4) For the places that eat the $0.20 fedwire (Automated Clearing House) fees, it's typically less than the cost of a credit card, and they often don't have to pay a percentage. Buying nothing more than a pack of gum means they lose money, but they run that risk with a Credit Card too.

    --
    Contact Me (got tired of viruses emailing me).
  15. Re:Questionably Legal??? by Avakado · · Score: 4, Informative

    In some countries (or maybe only Norway), whenever your ATM card is used in an ATM machine, the machine writes a new unique code to the magnet strip. The next time you use the card, it must contain that specific code, or it is swallowed.

    Sadly, the terminals used in stores cannot do this, so you have to use your card in an ATM every now and then, to make sure nobody has a copy of it (quite the opposite of the problem mentioned in this article).

    --
    The world will end in 5 minutes. Please log out.
  16. Happened to me... by jbrw · · Score: 4, Informative

    ...almost.

    Went to take some money out late one night. There were about three (eastern european) guys huddled around the machine fiddling. Went to get money out, and the machine held out to my card - you could see the card in the slot, but couldn't get it out. Guys reappear and tell me something like "Oh. I've seen this before. Press blah, blah, blah and enter your PIN" while standing over me. Hmm, I don't think so...

    So, I step back call my bank, wait on hold for an age, and as soon as they hear me confirm to the bank I want to cancel my card, I get my card thrown back at me by said guys, and they scarper into a car that has subsequently double parked.

    I reported it to the local police station, and they said it happens all the time, but it wasn't actually a crime until they withdrew money (!!!).

    It's called a "Lebanese Loop". More info here:

    http://hoaxinfo.com/atmscam.htm

    I see plenty of machines in London with glue residue around the card slot. This must happen all the time...