[ALERT] ATM Skimmer Scammers
What is the biggest threat to financial networks? It's not ransomware, phishing, or denial-of-service attacks. It’s “ATM skimming,” the illegal capture of debit card data and PINs by a “skimmer” device inserted into an Automated Teller Machine (ATM). Here's how to spot a skimmer and how to protect against this type of scam...
How Does ATM Skimming Work?
It is estimated that ATM skimmers result in losses of over $2 billion each year. And the number of ATMs compromised by skimming increases 40% annually, according to the FICO Card Alert Service which monitors hundreds of thousands of ATMs for the nation’s banks.
In July 2020, news sources reported the arrest of Marcus Catalin Rosu, a Romanian national who had been the subject of a years-long investigation into a skimming scheme that netted hundreds of thousands of dollars. After attracting the attention of police through an altercation with an airport car rental agent, Rosu was found with about a thousand blank magnetic stripe cards and other ATM skimming components. Rosu was sentenced to two and a half years in prison, and must pay $57,000 in restitution to his known victims.
But Rosu is just one of many players in the skimming underground. Late in 2021, more than 70 New Yorkers who had received financial assistance through prepaid debit cards found that some of those funds had been stolen by ATM skimming. NYPD reports that no arrests have been made in these cases.
Skimmer devices have improved dramatically in recent years. A modern skimmer may be little thicker than a debit card, and slips invisibly into the same slot into which you slide your card. Some are installed as overlays on the card reader slot. Inside is a tiny computer, magnetic stripe reader, and storage device. When an unsuspecting victim uses the ATM, the skimmer reads the card’s critical data from the stripe.
And even if you have one of the newer cards with a chip built in, you could still be affected. Brian Krebs of Krebs on Security says "many chip-based cards issued by American and European banks alike still have cardholder data encoded on a magnetic stripe in addition to the chip." That article also gives details on the latest highly sophisticated super-thin skimming devices. Some are made specifically for hacking terminals at retail stores with self-checkout lanes.
Fortunately, consumers are rarely the ones who absorb skimming losses - directly, that is. Under the Electronic Funds Transfer Act (a 93-page PDF), consumers are generally not liable for funds stolen from their bank accounts via frauds such as skimming, as long as they report the losses within 60 days of their occurrence. Financial institutions take the hit directly -- but of course, they seek to recoup their losses from customers in other, legal ways. That estimated $2 billion in losses will result in higher fees and interest rates, which are passed along to consumers.
Capturing card data is only part of the fraud formula; the thief also needs your PIN. So tiny cameras are sometimes installed unobtrusively near the ATM’s keypad to record the buttons you press. Newer skimming devices incorporate infrared transmitters to send the captured data to the camera, so both your PIN and the card data can be captured. Some skimmer scammers even use overlays on the keypad, to capture your PIN.
Many ATMs now have plastic shields around their keypads, and banks urge you to cover the keypad with your hand while entering your PIN, even if no one is looking over your shoulder. I've always used the "two finger method" for entering my PIN number at the ATM. Point two fingers at the keypad, but only press with one. This makes it impossible for hidden cameras or anyone nearby to see what numbers you actually press.
How Are ATMs Protected?
Bank-owned ATMs are usually rigorously policed by the banks themselves. They send out inspectors to check ATMs for skimmers. But non-bank ATMs, such as the standalone machines found in convenience stores, are not so vigilantly policed. FICO reports that 60% of skimmer-compromised ATMs are non-bank machines. So you may want to avoid them to reduce your chance of being skimmed.
You should be especially careful when using non-bank ATMs in tourist locations. Security researcher Brian Krebs wrote a fascinating article, "Who’s Behind Bluetooth Skimming in Mexico?", which details how ATMs in popular Mexican tourist destinations were being hacked. But the problem isn't limited to the withdrawal of cash at automated teller machines. Point of sale terminals at gas stations and other retail locations that aren't under constant surveillance can also be compromised. Any time you swipe your card, you should be wary.
So-called chipped cards are not invulnerable to skimming yet. Many U.S. merchants have not upgraded their card readers to use this enhanced security, so chipped cards still have the magnetic stripes that skimmers can read. Banks can hardly wait for all card readers to be upgraded so that the magnetic stripe can finally be eliminated. Many are offering merchants incentives and penalties to push them into this upgrade.
Telltale signs that an ATM may harbor a skimmer include a card slot housing that seems loose or wiggly; glue around the housing; and unusual difficulty inserting your card. If you stick to using just a few bank ATMs, anything unusual that appears in them will be more readily apparent to you.
Sixty Days or Six Hundred Dollars?
With skimming skyrocketing, your best defense is to monitor your bank accounts for unusual activity regularly, and report any unauthorized transactions well within the 60-day time limit. Even though the law protects you against losses due to fraud, you may find yourself out some serious money for a few days or weeks while your bank processes your fraud claim. The average amount of money lost per skimmed card is $600, according to FICO. That’s not chump change for most of us.
Have you or someone you know been skimmed by the scum that schemes to scam, as you withdraw funds from an ATM? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 1 Feb 2022
Article information: AskBobRankin -- [ALERT] ATM Skimmer Scammers (Posted: 1 Feb 2022)
Source: https://rankinfile.com/alert_atm_skimmer_scammers.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "[ALERT] ATM Skimmer Scammers"
Posted by:
Lucy
01 Feb 2022
I think the best thing we do is receiving alerts whenever our card is used, easy to stay on top of charges made.
We also take a chance that everywhere we spend will have the chip reader so we have scratched away the magnetic strip on all but one card that we use for gas.
Have never noticed anyone else peering at the card reader on a gas pump but we do. We also use the pump that is in sight of the clerk although that won't help when the station is closed and the bad guys stop by with their skimmer.
Good info for this week, as it is Identity Theft Awareness Week 2022. Mon Jan 31 through Friday Feb 4
Posted by:
Bob K
01 Feb 2022
For cards still with mag stripes, but with a chip, wouldn't it help to erase that strip? Seems like rubbing it with a magnet would make it unreadable.
True, that might rule out using that card at some locations, but maybe you wouldn't want to, anyhow.
Now, if they would make drive-up ATMs so you could maybe reach the keypads with two hands, you might be able to shield your fingers when entering your pin.
Posted by:
cropduster
01 Feb 2022
It would be helpful, Bob, if you would have posted some photos to show just how 'invisible' these latest skimming card readers are.
ALSO, after all these many years talking about adopting 'chip and pin credit cards' in the U.S. such as in Europe, we STILL don't require a pin with a credit card!!! (I have a pin for each of my credit cards, but it is NEVER asked for here in the states) Our BANKS and card processors are just INVITING the problems you have described....they deserve what they got!!
Posted by:
Bob K
01 Feb 2022
How safe are the 'contactless' readers?
Some of those will read the info off your cellphone. Now, THAT is asking for trouble!
We should keep our phones for what they were intended for -- taking pictures.
Posted by:
David
01 Feb 2022
Just wondering if ATM machines also had the “tap” feature available; would that be easy to skim as well?
Posted by:
MartinW
01 Feb 2022
My one and only debit/credit bank card has both a chip and a stripe. The problem is that the chip sometimes has problems. Sometimes, at some places, on some machines, it works fine. Other times and places it might work on the second or third try. Sometimes I can ONLY use the stripe. (This was so on my old card, too, after a few years. The cards are always good for three years, by the way, then replaced.) I agree chips are safer, but without the stripe, I'd be out of luck. Darn!
Posted by:
Stephen
01 Feb 2022
Good stuff. I am happy to see you link to Brian Krebs' site. For those of you who don't know him, go to the site and read his ABOUT page. And then sign up for his newsletter. He has info on skimmers and such, too. Bob and Brian are two of the folks I subscribe to and have for years.
Might I suggest folks use an app for your gas purchases (at least for the ones near your home or office). That way no swiping. And, depending on which brand you've got they might offer some deals. I get 5 cents off per gallon on some purchases (it would happen more often if I actually spend $100 per month).
Posted by:
Lucy
01 Feb 2022
cropduster
Go to the krebs website Bob links to in this article (skimmers in Mexico) and check out a different article on there:
"All about skimmers powered by chip cards".
Sorry, tried to post with a link but was not able to.
You'll find it interesting, it addresses both issues you raised.
Posted by:
Jim M
01 Feb 2022
Don't know if this is true with all banks but Wells Fargo allows you to set a limit on how much can be charged or withdrawn in a 24 hour period. Only downside is if you need to go over the limit you have to make a call. I figure it's worth the hassle since I rarely need to exceed the limit.
Posted by:
Mike Perkins
01 Feb 2022
I never have this problem. I always use cash.
Posted by:
Brian B
01 Feb 2022
There are a few points to be made on this info Bob.
1. ATMs in my opinion are redundant. I haven't used cash in over 10 years. I have yet to find any business that does not accept EFTPOS.
2. An ATM is the property of the person/company owning it, and should be totally responsible for someone stealing money from it.
3. If businesses still require the card strip, then the banks etc should just pull the plug on them. They'll quickly come into line if they don't have card facilities.
4. Any cash machine, be it ATM or EFTPOS that requires a card to be inserted or swiped should be avoided like the plague. All EFTPOS machines have an enclosed mechanism and the card's chip is read through the casing. Just avoid swiping through the slot. If the business requires a read of a strip via the slot, just take your business elsewhere. If this tap the card feature was utilized on ATMs along with a full face photo before the machine would respond, so covering the camera would be of no use, they would be a lot more secure.
5. Who uses cash any more? If for some reason cash is needed, you can ask for cash back at a supermarket checkout. It's a sight more secure than some current ATMs, that's for sure.
Posted by:
Vulcan
01 Feb 2022
Please post some photos of what a compromised card slot looks like, and visual cues a skimmer has been installed.
What can we carry to slide in BEFORE we put our card in, to damage the skimmer or dislodge it - yet not harm the legal property.
Posted by:
Lucy
01 Feb 2022
Vulcan
Go to the krebs website Bob links to in this article (skimmers in Mexico) and check out a different article on there:
"All about skimmers powered by chip cards".
Sorry, tried to post with a link but was not able to.
Posted by:
cropduster
01 Feb 2022
To Brian B......."Who uses cash any more?" Well, I DO, almost always. I stopped using credit cards extensively when I realized I was being tracked and 'counted' for marketing purposes. And, I NEVER use a debit card anyplace except at my favorite supermarket. I never worried about skimmers......instead, my concern is over DATA! Expose yourself if you like, but not me.
It's also why I keep NOTHING CONFIDENTIAL OR PERSONAL on my iPhone. Lost or stolen? I don't care because I can get another one for a couple hundred dollars. No big deal.
Posted by:
Sarah L
02 Feb 2022
Is the ATM safe from theft when the chip alone is read by the chip reader? Have thieves found a way to steal at an ATM that way, too?
Posted by:
kevin
02 Feb 2022
If there is a person or camera observing you enter your PIN, Bob's two-finger method (of appearing to press two keys for each of the four numbers) does not actually help much at all. In fact, it makes it so the thief who saw you will now only need to try a maximum of 16 possible combinations of the four double-pressed keys to find out your PIN. (The odds are mathematically determined by multiplying 2 x 2 x 2 x 2 = 16.) Compare that to the thousands of possibilities when no key pressing is observed. Yes, Bob's technique may hinder the thief if a very low number of failed attempts at the same ATM location will cause the account to get locked. But, still, the thief could do just a couple of attempts at each of 3 or 4 separate ATM locations to avoid doing too many at any one of them and triggering a lock of the account. Anyway, if the account does get locked to protect your assets, that alone causes quite a bit of inconvenience for the legitimate cardholder. So you really need to block the entire keypad from view by holding something over it with your other hand. Better yet, minimize the use of your card in the first place (or at least avoid any ATM that seems less likely to be carefully monitored and maintained by the operator).
Posted by:
Brian B
02 Feb 2022
@ cropduster....where do you get your cash from? If it's from a bank, then guess what, you are being tracked. You say you never worried about skimmers but you are concerned about data. Being tracked on a credit or debit card will only expose you to annoying advertising which is really easily ignored. Being skimmed is a disaster any way you look at it. You can not only lose your life savings, but also your identity. I know which of the two I would prefer.
Posted by:
Ernest N. Wilcox Jr.
02 Feb 2022
I avoid using ANY ATM other than the one at my local bank branch office. I use my debit card to pay for my purchases, and when I get gas for my car, I go inside to pay. I NEVER use the card slot at the pump. This is a bit less convenient, but much safer - my logic for this is that it would be very hard for a thief to install a skimmer on the inside card reader, (s)he would probably have to be an employee, so the risk of being caught would dramatically increase, making the likelihood of this scenario very unlikely.
I monitor my bank balance almost daily. There has been only one time when I found an unknown transaction. There was a charge of only a few dollars to enroll me in a new SiriusXM account. I called my bank to tell them that it was not me and they did what they could do on their side. They asked me to contact the vendor too. I did, and they investigated. They found that the transaction occurred from another state, and using a different name, so they reversed the charges for me.
The bottom line here is that while I monitor my account to avoid overdrafts, I also watch for unknown transactions whenever I look at my account information on my bank account's website. It takes only a few minutes every day or two, so it is not an inconvenience. I am in front of my desktop computer every day for one reason or another anyway, and experience tells me that it is well worth the effort to do so. If I had not caught that SiriusXM transaction when I did, assuming it was a test transaction, how much more would have been taken if I had not been keeping my eyes open?
Ernie