15
Jan 10

Would You Have Spotted the Fraud?

Pictured below is what’s known as a skimmer, or a device made to be affixed to the mouth of an ATM and secretly swipe credit and debit card information when bank customers slip their cards into the machines to pull out money. Skimmers have been around for years, of course, but thieves are constantly improving them, and the device pictured below is a perfect example of that evolution.

This particular skimmer was found Dec. 6, 2009, attached to the front of a Citibank ATM in Woodland Hills, Calif. Would you have been able to spot this?

This is a fairly professional job: Notice how the bulk of the electronics fit into the flap below the card acceptance slot. Also, check out the tiny pinhole camera (pictured below), ostensibly designed to switch on and record the victim’s movements as he or she enters their PIN at the ATM.

It’s hard to know whether this was a homemade skimmer, or one that was purchased from online criminal forums. Some of the skimmers sold on these forums are extremely sophisticated, incorporating features such the ability to send an SMS text message to the thieves’ mobile phone whenever a new card is swiped.

This type of fraud is actually far more common that you might think: A quick query on Twitter for “ATM skimmer” usually brings up plenty of local news reports about these devices being found on ATMs.

Practice basic ATM street smarts and you should have little to fear from these skimmers: If you see something that doesn’t look right — such as a odd protrusion or off-color component on an ATM — consider going to another machine. Also, stay away from ATMs that are not located in publicly visible and well-lit areas.

Update, 12:10 p.m: Mikko Hypponen from F-Secure sent in a few fascinating Twitter pics of other ATM skimmers that include ingenious ways to send the stolen credentials to the scammers.

If you liked this post, please check out my follow-up posts on ATM skimmers:,

ATM Skimmers Part II, includes an entire gallery of ATM skimmer images.

Would You Have Spotted This ATM Fraud? Delves into some of the rent-to-own skimmer models.

Fun With ATM Skimmers, Part III Examining the skimmer problem in Europe (+ more skimmer photos!).

ATM Skimmers: Separating Cruft from Craft Skimmer scammers are everywhere! Only buy your skimmer devices from real thieves!

Sophisticated ATM Skimmer Transmits Stolen Data Via Text Message Skimmers with embedded cell phones allow thieves to continue stealing credentials without ever returning to the scene of the crime.

Skimmers Siphoning Card Data at the Pump Skimmers aren’t just for ATMs.

Tags: , ,

257 comments

  1. Why use ATMs, I’m in Europe but why use ATMs when the stores take cards?
    As long as you give the ATM your card it doesn’t matter if you have a chip or not since it is possible to read the strip anyhow.
    Leave checks and ATMs use cards in the shop.

    • If you’re buying petrol after hours you have to use your card, you can’t go into the store. If you want to withdraw cash after hours, same thing. You may not be able to avoid using the cards altogether.

    • There are numerous cases of readers in stores being compromised as well — plus in stores, it’s much easier for them to capture your PIN as well, since the version used in stores replaces the whole keypad as well as card reader.

  2. The number of comments which have been left about ‘finding one in the wild’ bring out one question.

    How easy are these to pull off? One guy mentioned taking 10 minutes to see if he could pull off the card reader. Are they easy to pull off, or does it take a bit of effort? If I pull on one and it doesn’t come off with a good tug, does that mean it’s safe?

  3. Why bother with a skimmer? Buy one of those “independent” ATMs (like the kind you find in gas stations or Quikie Marts), and collect all the card data and PINs you want. All it will cost you is $100 (max) per card swipe.

  4. Is it the reason that in Europe, they are using smart chip, so the reader is authenticated by the card before any operation can be done… So illegale reader means that the card will refuse to work…

  5. my question is, why the customers of a bank (card users) have to live in fear and suspicion, why cant the banks themselves keep an eye on their ATM machines, or have they a financial gain or stake in these skimmers?
    Every bank got a camera on every ATM to keep an eye on the customers, dont they spot somebody who is mounting a skimmer on their machine?
    Soon it will be safer to keep your cash under your matress and get a shotgun.

    • Unfortunately, the camera on an ATM will only work when a card is put in the slot. To have them work on a motion sensor or something would require more expenditure on the security system. Bear in mind, the security system on an ATM is NOT there to protect you. It’s there to protect the bank. Protecting yourself is up to you.

  6. Several years ago charges started showing up on my credit card from Russia. We had recently returned from a trip to France where we used ATM’s a lot. Never did know how the Russian criminal got our card number and pin info. I think this probably explains it. As an example, I was charged for plane tickets from Moscow to Minsk, two places I’ve never been.