A number of financial institutions in and around New York City are dealing with a rash of super-thin “deep insert” skimming devices. These devices are designed to fit inside the mouth of an ATM’s card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine.
These skimmers do not attempt to siphon chip-card data or transactions, but rather are after the cardholder data still stored in plain text on the magnetic stripe on the back of most payment cards.
The skimmers also need the customer’s 4-digit personal identification number.
With those two pieces of data, the crooks can then clone payment cards and use them to siphon money from victim accounts at other ATMs.
To steal PINs, pinhole cameras may be embedded in false panels made to fit snugly over the cash machine enclosure directly above or to one side of the PIN pad.
Skimming devices will continue to mature in miniaturisation and stealth as long as payment cards continue to hold cardholder data in plain text on a magnetic stripe.
However, covering the PIN pad with your hand defeats one key component of most skimmer scams, since the spy camera typically hides on or near the compromised ATM.
Surprisingly, few people bother to take this simple, effective step.
CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.
If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us
We couldn't do this without the support of our sponsors and contributors.