Visual Autopsy Of An ATM Card Skimmer
Bert64 writes "A chap at work was recently the victim of an ATM card skimmer which took his card details, cloned them and allowed the fraudster to take 550 pounds out of his account.
Having tried to explain how the fraudsters can hide a camera and card reader around the ATM, he decided it would be easier to show one of them after a few drinks down the pub.
He was a little surprised to find that the machine he chose had a card reader and camera in place. These were removed and analysed; we believe we have reclaimed about 800 pounds worth of kit. Result:
Pictures."
Was this the pass-through kind? How was the camera attached? If I used one hand to cover the other hand while keying the PIN would that "thwart" it? Great pix but I could also use a little more commentary on what to watch out for.
In the future, I would want to not be isolated from my friends in the Space Station.
Well, not really.
The skimmer is attached to any arbitrary machine without the cooperation of the ATM owner.
So they can hit even your own bank's machines, if they so desire.
This is the best ATM scam since... well... the last ATM scam, where they put a complete ATM machine in place. Except they got caught because they tried to stiff their ATM machine supplier.
Gentoo Sucks
There are plenty of legitimate uses for magnetic stripe readers. Why, here at the University of South Carolina we just installed 3 $1,200 newspaper machines to limit the free newspaper program to students and faculty. I suppose you also think taxing blank CD-R and giving the proceeds to record companies is a good idea, because nobody would ever want to, say, back up data with them.
Two things that I always ask my friends to do too.
1. If you can, go to a supermarket or any store nearby that gives you cashback on your debit card. I can buy a pack of gum instead of paying stupid ATM fee AND get cashback with NO risk.
2. Use your credit card to withdraw cash (but make sure that you pay it in the next billing cycle as cash withdrawals have very high APR) as the liability on credit cards is very low.
Free XBox, PS2
My bank uses ATM machines that suck the card completely into the slot, with only a little bit of a metal guide plate exposed below the slot. (Typically, they have a label with arrows printed on it that's affixed just beneath the slot, as well.) If you tried to add some sort of reader device to the front of the ATM, covering the original slot and plate, it would be fairly obvious it didn't belong there. I'm sure it might fool *some* clueless people - but it would surely be ripped from the machine pretty quickly, as someone a little more clueful realized what was going on. (After all, it would obscure part of the label, making it obvious it wasn't part of the original ATM machine.)
I have a feeling these card skimmers only work on specific models of ATMs (most likely, the little privately owned units you see in restaurants and gas stations, as opposed to actual bank-owned ATMs).
I'm not so sure about that. When something similar happened in Norway some time ago, the police were alerted and put the place under surveillance. The culprits were caught in the act of removing the devices.
I think the people who removed it should have done the same, thus helping to catch the bastards. For all they knew, the place could already be under surveillance, giving THEM the blame for the crime...
Are you a grammar Nazi? I'm trying to improve my English; please correct my errors!
This is a growing trend. Along with other questionably legal items, you can find a card reader from eBay for a fraction of what you can scam.
What a good post-9/11 American citizen. You are right in calling it 'questionably' legal; unfortunately (for you) the answer to the question is yes, it is legal. The government does not need to put laws on everything that can do bad things; the laws should instead target bad things. DVD recorders should not be illegal... selling (or even just giving) a burned DVD of Star Wars should be illegal. Having a magnetic card reader is a great exercise in driver writing and/or learning about it for POS apps (not piece of s&^t apps).
Hate to be a party pooper but didn't you consider leaving it there and calling the cops?
If you had they might have been able to bust the individuals concerned and saved some innocents down the track a lot of grief.
This way you got 800 quid's worth of stolen electronics, the thief wrote off some capital investment and a couple of thousand /.'ers got some pre-pubescent excitement. Wahooo.
Don't look back the lemmings are gaining on you
Most of the scams I have seen like this rely on recording your PIN based on what you type.
The earliest versions simply had someone peering over your shoulder, or using a camera/telescope mounted up and behind and stealing the original.
Get in the habit of 'embedding' your PIN within a larger number. Type this longer number too lightly to cause the pressure sensor to register, and vary your pressure only on the 'key' digits. It won't fool decent resolution or close observation, but given the angles/lighting conditions and cheaper digital cameras that are starting to show up, I am guessing that they are going to have trouble working out which hits are the real McCoy.
Sure it relies on making your case more difficult than your neighbours, but to an extent that is all most locks and security devices do. Sure it's paranoid, and it does take some effort to set up, but muscle memory handles most of the work after a while and these days I only get a few false hits. YMMV
Even better would be the use of smartcards instead of current cards. The card simply has its own private key, the ATM machines/bank issue a challenge to the card and verify it against the known public key.
The private key is never divulged yet the authenticity of the card is known. There is no way to scam the system other than steal the physical card and know what the pin is. These really need to be adopted soon.
I.O.U One Sig.
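The challenge-response idea in the smartcard comment above, as an added example that is not part of the original thread: a simplified model, not the EMV protocol, showing why a recorded exchange is useless against a fresh challenge. Ed25519 and the names `Card`, `Issuer` and `Enroll` are assumptions chosen for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Card models the smartcard: priv never leaves it, only signatures do.
type Card struct{ priv ed25519.PrivateKey }
func (c *Card) Sign(challenge []byte) []byte { return ed25519.Sign(c.priv, challenge) }

// Issuer models the bank side: the card's public key plus unused challenges.
type Issuer struct {
	pub     ed25519.PublicKey
	pending map[string]bool
}

// Enroll generates a key pair (constructed for this demo) and splits it.
func Enroll() (*Card, *Issuer) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Card{priv}, &Issuer{pub, map[string]bool{}}
}

// NewChallenge returns a fresh random nonce and records it as outstanding.
func (i *Issuer) NewChallenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	i.pending[string(n)] = true
	return n
}

// Verify accepts one response per issued challenge, so recordings cannot be replayed.
func (i *Issuer) Verify(challenge, sig []byte) bool {
	known := i.pending[string(challenge)]
	delete(i.pending, string(challenge)) // single use, even if the signature is bad
	return known && ed25519.Verify(i.pub, challenge, sig)
}

func main() {
	card, bank := Enroll()
	c1, c2 := bank.NewChallenge(), bank.NewChallenge()
	sig := card.Sign(c1) // all that a tap between card and terminal could record
	fmt.Println("genuine:", bank.Verify(c1, sig), "replay:", bank.Verify(c1, sig), "reuse:", bank.Verify(c2, sig))
}
```

Unlike a magnetic stripe, whose contents are identical on every read, the only data crossing the card interface here is bound to a nonce the issuer will never accept twice.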
Could this be the death of the PIN? What's next - biometrics? Will this last only as long as it also cannot be spoofed?
The advantage of a PIN over biometrics is that you can always change your PIN.
Once someone finds out how to fool a biometric scanner into returning your biological data; you're hosed. You can't gouge your own eyes out and replace them with new ones.
Any security system whose keys can't be changed is fatally flawed and should not be used -- ever.
NO CARRIER