Like most electronic gadgets these days, ATM skimmers are getting smaller and thinner, with extended battery life. Here’s a look at several miniaturized fraud devices that were pulled from compromised cash machines at various ATMs in Europe so far this year.
According to a new report from the European ATM Security Team (EAST), a novel form of mini-skimmer was reported by one country. Pictured below is a device designed to capture the data stored on an ATM card’s magnetic stripe as the card is inserted into the machine. While most card skimmers are made to sit directly on top of the existing card slot, these newer mini-skimmers fit snugly inside the card reader throat, obscuring most of the device. This card skimmer was made to fit inside certain kinds of cash machines made by NCR.
“New versions of insert skimmers (skimmers placed inside the card reader throat) are getting harder to detect,” the EAST report concludes.
The miniaturized insert skimmer above was used in tandem with a tiny spy camera to record each customer’s PIN. The image on the left shows the hidden camera situated just to the left of the large square battery; the photo on the right shows the false ATM fascia that obscures the hidden camera as it was found attached to the compromised ATM (notice the tiny pinhole at the top left edge of the device).
EAST notes that the same country which reported discovering the skimmer devices above also found an ATM that was compromised by a new type of translucent insert skimmer, pictured below.
Though not insert skimmers, the devices pictured below — removed from ATMs in Europe this year — also come with a slim profile. I have seen various models of the card skimmer pictured below, devices that are generally made and sold to compromise Wincor/Nixdorf brand ATMs.
The device pictured below is a slender skimmer powered by what looks like either a cannibalized MP3 player or mobile phone. Mobile-powered skimmers allow thieves to have the stolen card data relayed via text message, meaning they never need to return to the scene of the crime once the skimmer is in place. MP3-based skimmers capture card data as audio waves that specialized software can later convert into card data.
As the EAST report notes, ATM skimmers are still a problem in Europe, even though virtually all cash machines there only accept cards that include so-called “chip & PIN” technology. Chip & PIN, often called EMV (short for Eurocard, MasterCard and Visa), is designed to make cards far more expensive and complicated for thieves to duplicate.
Unfortunately, the United States is the last of the G-20 nations that has yet to transition to chip & PIN, which means most ATM cards issued in Europe have a magnetic stripe on them for backwards compatibility when customers travel to this country. Naturally, ATM hackers in Europe will ship the stolen card data over to thieves here in the U.S., who then can encode the stolen card data onto fresh (chipless) cards and pull cash out of the machines here and in Latin America.
“In countries where the ATM EMV rollout has been completed most losses have migrated away from Europe and are mainly seen in the USA, Asia-Pacific, and Latin America,” the EAST report notes. “From the perspective of European card issuers the Asia-Pacific region seems to be eclipsing Latin America for such losses.”
One of the simplest ways to protect yourself from ATM skimmers is to cover the PIN pad when you enter your digits. Still, you’d be surprised at how few ATM users actually take this simple but effective precaution.
If you liked this story, check out the rest of my series on ATM skimmers.