February 2, 2010

Easily the most-viewed post at krebsonsecurity.com so far has been the entry on a cleverly disguised ATM skimmer found attached to a Citibank ATM in California in late December. Last week, I had a chance to chat with Rick Doten, chief scientist at Lockheed Martin‘s Center for Cyber Security Innovation. Doten has built an impressive slide deck on ATM fraud attacks, and pictured below are some of the more interesting images he uses in his presentations.

According to Doten, the U.S. Secret Service estimates that annual losses from ATM fraud totaled about $1 billion in 2008, or about $350,000 each day. Card skimming, where the fraudster affixes a bogus card reader on top of the real reader, accounts for more than 80 percent of ATM fraud, Doten said.

Click the individual images below for an enlarged version.


Have you seen:

Would You Have Spotted This ATM Fraud?…The site also advertises a sort of rent-to-own model for would-be thieves who need seed money to get their ATM-robbing businesses going. “Skim With Our Equipment for 50% of Data Collected,” the site offers. The plan works like this: The noobie ATM thief pays a $1,000 “deposit” and is sent a skimmer and PIN pad overlay, along with a link to some videos that explain how to install, work and remove the skimmer technology.


122 thoughts on “ATM Skimmers, Part II

  1. Robert

    There are card readers that are far more difficult to mount skimming equipment to. Redbox has designed a simple reader that appears all-but-impossible to attach a skimmer to. Why don’t the ATM and gas pump manufacturers do this?

    Some ATMs use full capture readers in order to confiscate cards that are reported stolen. This is unnecessary as once it’s reported stolen, it shouldn’t be possible to use again anyway.

    I suppose the manufacturers feel the price to retrofit is greater than their losses to fraud — nevermind that their customers are the ones who suffer terrible inconvenience! As usual, everything is measured against the bottomline.

Comments are closed.