[ALERT] ATM Skimmer Scammers
What is the biggest threat to financial networks? It's not ransomware, phishing, or denial-of-service attacks. It’s “ATM skimming,” the illegal capture of debit card data and PIN numbers by a “skimmer” device inserted into an Automated Teller Machine (ATM). Here's how to spot a skimmer and how to protect against this type of scam...
How Does ATM Skimming Work?
It is estimated that ATM skimmers result in losses of over $2 billion each year. And the number of ATMs compromised by skimming increases 40% annually, according to the FICO Card Alert Service which monitors hundreds of thousands of ATMs for the nation’s banks.
In July 2020, news sources reported the arrest of Marcus Catalin Rosu, a Romanian national who had been the subject of a years-long investigation into a skimming scheme that netted hundreds of thousands of dollars. After attracting the attention of police through an altercation with an airport car rental agent, Rosu was found with about a thousand blank magnetic strip cards and other ATM skimming components. Rosu was sentenced to two and a half years in prison, and must pay $57,000 in restitution to his known victims.
But Rosu is just one of many players in the skimming underground. Late in 2021, more than 70 New Yorkers who had received financial assistance through prepaid debit cards, found that some of those funds had been stolen by ATM skimming. NYPD reports that no arrests have been made in these cases.
Skimmer devices have improved dramatically in recent years. A modern skimmer may be little thicker than a debit card, and slips invisibly into the same slot into which you slide your card. Some are installed as overlays on the card reader slot. Inside is a tiny computer, magnetic stripe reader, and storage device. When an unsuspecting victim uses the ATM, the skimmer reads the card’s critical data from the stripe.
And even if you have one of the newer cards with a chip built in, you could still be affected. Brian Krebs of Krebs on Security says "many chip-based cards issued by American and European banks alike still have cardholder data encoded on a magnetic stripe in addition to the chip." That article also gives details on the latest highly sophisticated super-thin skimming devices. Some are made specifically for hacking terminals at retail stores with self-checkout lanes.
Fortunately, consumers are rarely the ones who absorb skimming losses - directly, that is. Under the Electronic Funds Transfer Act (a 93-page PDF), consumers are generally not liable for funds stolen from their bank accounts via frauds such as skimming, as long as they report the losses within 60 days of their occurrence. Financial institutions take the hit directly -- but of course, they seek to recoup their losses from customers in other, legal ways. That estimated $2 billion in losses will result in higher fees and interest rates, which are passed along to consumers.
Capturing card data is only part of the fraud formula; the thief also needs your PIN. So tiny cameras are sometimes installed unobtrusively near the ATM’s keypad to record the buttons you press. Newer skimming devices incorporate infrared transmitters to send the captured data to the camera, so both your PIN and the card data can be captured. Some skimmer scammers even use overlays on the keypad, to capture your PIN.
Many ATMs now have plastic shields around their keypads, and banks urge you to cover the keypad with your hand while entering your PIN, even if no one is looking over your shoulder. I've always used the "two finger method" for entering my PIN number at the ATM. Point two fingers at the keypad, but only press with one. This makes it impossible for hidden cameras or anyone nearby to see what numbers you actually press.
How Are ATMs Protected?
Bank-owned ATMs are usually rigorously policed by the banks themselves. They send out inspectors to check ATMs for skimmers. But non-bank ATMs, such as the standalone machines found in convenience stores, are not so vigilantly policed. FICO reports that 60% of skimmer-compromised ATMs are non-bank machines. So you may want to avoid them to reduce your chance of being skimmed.
You should be especially careful when using non-bank ATM machines in tourist locations. Security researcher Brian Krebs wrote a fascinating article, Who’s Behind Bluetooth Skimming in Mexico? which details how ATMs in popular Mexican tourist destinations were being hacked. But the problem isn't limited to the withdrawal of cash at automated teller machines. Point of sale terminals at gas stations and other retail locations that aren't under constant surveillance can also be compromised. Any time you swipe your card, you should be wary.
So-called chipped cards are not invulnerable to skimming yet. Many U.S. merchants have not upgraded their card readers to use this enhanced security, so chipped cards still have the magnetic strips that skimmers can read. Banks can hardly wait for all card readers to be upgraded so that the magnetic strip can finally be eliminated. Many are offering merchants incentives and penalties to push them into this upgrade.
Telltale signs that an ATM may harbor a skimmer include a card slot housing that seems loose or wiggly; glue around the housing; and unusual difficulty inserting your card. If you stick to using just a few bank ATMs, anything unusual that appears in them will be more readily apparent to you.
Sixty Days or Six Hundred Dollars?
With skimming skyrocketing, your best defense is to monitor your bank accounts for unusual activity regularly, and report any unauthorized transactions well within the 60-day time limit. Even though the law protects you against losses due to fraud, you may find yourself out some serious money for a few days or weeks while your bank processes your fraud claim. The average amount of money lost per skimmed card is $600, according to FICO. That’s not chump change for most of us.
Have you or someone you know been skimmed by the scum that schemes to scam, as you withdraw funds from an ATM? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 1 Feb 2022
|For Fun: Buy Bob a Snickers.|
Ting-a-Ling! Save on Your Mobile Phone Bill
The Top Twenty
Geekly Update - 02 February 2022
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [ALERT] ATM Skimmer Scammers (Posted: 1 Feb 2022)
Copyright © 2005 - Bob Rankin - All Rights Reserved