Posts Tagged: wincor nixdorf


7
Jul 14

The Rise of Thin, Mini and Insert Skimmers

Like most electronic gadgets these days, ATM skimmers are getting smaller and thinner, with extended battery life. Here’s a look at several miniaturized fraud devices that were pulled from compromised cash machines at various ATMs in Europe so far this year.

According to a new report from the European ATM Security Team (EAST), a novel form of mini-skimmer was reported by one country. Pictured below is a device designed to capture the data stored on an ATM card’s magnetic stripe as the card is inserted into the machine. While most card skimmers are made to sit directly on top of the existing card slot, these newer mini-skimmers fit snugly inside the card reader throat, obscuring most of the device. This card skimmer was made to fit inside certain kinds of cash machines made by NCR.

An NCR mini-skimmer designed to slip inside of ATM's card acceptance slot. Image: EAST.

A mini-skimmer designed to slip inside of an NCR ATM’s card acceptance slot. Image: EAST.

“New versions of insert skimmers (skimmers placed inside the card reader throat) are getting harder to detect,” the EAST report concludes.

The miniaturized insert skimmer above was used in tandem with a tiny spy camera to record each customer’s PIN. The image on the left shows the hidden camera situated just to the left of the large square battery; the photo on the right shows the false ATM fascia that obscures the hidden camera as it was found attached to the compromised ATM (notice the tiny pinhole at the top left edge of the device).

The hidden camera used in tandem with the insert skimmer. Source: EAST.

The hidden camera used in tandem with the insert skimmer. Source: EAST.

EAST notes that the same country which reported discovering the skimmer devices above also found an ATM that was compromised by a new type of translucent insert skimmer, pictured below.

A translucent mini-skimmer made to sit (mostly) inside of an ATM's card acceptance slot. Source: EAST.

A translucent mini-skimmer made to sit (mostly) inside of an ATM’s card acceptance slot. Source: EAST.

Continue reading →


13
May 14

Postal Service: Beware Stamp Kiosk Skimmers

The United States Postal Inspection Service is investigating reports that fraudsters are installing skimming devices on automated stamp vending machines at Post Office locations across the United States, KrebsOnSecurity has learned.

USPS Automated Postal Center (APC) self-service stamp kiosk.

USPS Automated Postal Center (APC) self-service stamp kiosk.

Earlier this month, I began hearing from sources in the banking industry about fraudulent debit card activity on cards that were all recently used at self-service stamp vending machines at U.S. Post Offices in at least 13 states and the District of Columbia.

Asked about the activity, a spokesperson for the U.S. Postal Inspection Service confirmed that the agency has an open investigation into the matter, but declined to elaborate further beyond offering tips for consumers to help spot skimming devices that may be affixed to automated stamp vending machines at post office locations.

In an emailed response, the USPIS said it is urging USPS employees to visually inspect the Automated Postal Center (APC) machines multiple times during the day, and that it is asking customers to do the same.

“USPIS recommends customers who use the APC machine should personally visually inspect the machine prior to use,” the USPIS said. “Look for any type of plastic piece that looks like it has been slid over the actual credit card reader. Look for any other type of marking on the machine that looks as though it has been applied by a third-party.”

The USPIS is asking customers who see something that appears to be out of place on the machines to notify the local post office supervisor immediately.

The USPIS declined to answer additional questions about the investigation, such as when the fraud first began. But according to sources at two separate financial institutions whose customers have been impacted by the activity, the fraud began in late November 2013, and has been traced back to self-service stamp vending machines in Arizona, California, Colorado, Florida, Georgia, Kentucky, Massachusetts, Nebraska, New York, Oregon, Pennsylvania, Utah, Virginia, and Washington, D.C. Continue reading →


16
Jul 13

Getting Skimpy With ATM Skimmers

Cybercrooks can be notoriously cheap, considering how much they typically get for nothing. I’m reminded of this when I occasionally stumble upon underground forum members trying to  sell a used ATM skimmer: Very often, the sales thread devolves into a flame war over whether the fully-assembled ATM skimmer is really worth more than the sum of its parts.

Card skimmer device made for Wincor/Nixdorf ATMs

Card skimmer device made for Wincor/Nixdorf ATMs

Such was the fate of an audio-based ATM skimmer put up for sale recently on a private crime forum. The seller, a Ukrainian, was trying to offload a relatively pro-grade skimmer powered by parts cannibalized from an MP3 player and a small spy camera. The seller set the price at $2,450, but made the mistake of describing the device’s various parts, all of which can be purchased inexpensively from a variety of online retailers.

For example, he told forum members that the main component in the card skimmer as an MSR-605, which is a handheld magnetic stripe reader of the sort that you might find attached to a cash register/point-of-sale machine at a retail clothing store, for example.

This ubiquitous device can be had for approximately $200 at a number of places online, including Newegg.com and Amazon.com. The seller went on to describe the inexpensive flash storage drive that was incorporated in his device, and the modified tiny video camera that was hidden on the underside of a fake fascia designed to be affixed to the top of the ATM and record victims entering their PINs.

This tiny spy camera powers the fake ATM fascia that records victims entering their PINs.

This tiny spy camera powers the fake ATM fascia that records victims entering their PINs.

The image below shows the fake fascia as it appears from the side meant to be pointed toward the PIN pad. IMG_1871

Continue reading →