ATM Insert Skimmers: A Closer Look

Discussion in 'malware problems & news' started by ronjor, Nov 28, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    https://krebsonsecurity.com/2016/11/atm-insert-skimmers-a-closer-look/
     
  2. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    Wow! That's way to easy and not noticeable. I haven't used a ATM in years and with tools like this to steal your private information, I'll never use another ATM.
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    We just need to abandon "magnetic strips" and allow ONLY chip technology. This problem would be solved in that one simple step. Don't even talk to me about costs. We spend more cleaning up the mess from the ancient magnetic strip protocol then requiring the removal of magnetic technology.
     
  4. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    572
    Location:
    Bosnia
    That's scary.
     
  5. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    The way technology is going at the present time, someone will figure out how to steal information from the chip. Just give them time, it will happen.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    First they'll need to break the encryption. In other areas (remember the USA is years late to the party) only online issues have ever presented themselves. That is operator error not a cracked chip.

    What would be ANY logical reason to delay chip only technology if you really care about security?
     
  7. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    At first glance it seems an obvious question , glib even ....

    But thinking further on it only raises more questions .
    Why this irrational delay ? ... apathy , ignorance , losses too low to matter , cost of changing too high , general indifference ??
    Who is currently carrying the relentless losses , and why do they continue ?
    And perhaps more importantly , who is underwriting the whole show ?
    So who benefits by actively maintaining magnetic stripe cards with no chip ?
    Or as lawyers are fond of saying ... "Cui bono ? " .

    I don't have the answers BTW ; it took me a while just to get the questions right :)
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    In order to maintain security it's necessary to respond to vulnerabilities and raise the bar. Magnetic strip technology is clearly compromised. Chip & PIN is the way forward.
     
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    All of the above. Until recently I believe the losses were just considered the cost of doing business, but that is changing. Look at what happened with the Target hack; that was perceived as sufficiently threatening to motivate the company to switch to Chip & PIN in about a year.
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Well my small vote doesn't matter too much. If I were in charge in the USA and ONLY my vote counted (lets say I was President) I would instruct the ACH (clearing house) that ONLY chip transactions can be processed. Give a two month advance notice, meaning effective Feb 1 no chip means a merchant CANNOT process credit through the system. The decision needs to be removed for MY security. I have had to personally get two cards replaced when merchants were hacked. I did everything right, but they let me down without consequence to them. It was my time and hassle, and that is wrong!
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    So You Think You Can Spot a Skimmer?

     
  12. gorblimey

    gorblimey Registered Member

    Joined:
    Jan 19, 2017
    Posts:
    158
    Location:
    West Oz
    We did that in Oz some years back. Then the Big Two went and made us an offer (Pay Wave/Pass) they knew we were too greedy to refuse.

    It wasn't hard. Thieves just got themselves RFID units and discovered they work at distances greater than one meter... As did the legitimate readers, taking money from the wrong cards.

    MasterCard and Visa contactless can be disabled, but you need to know where to cut the antenna leads without compromising the chip. Neither manufacturer makes RFID-free cards for use in Oz. Apparently we need the technology.
     
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    If there were not a handful of services, which still require cash, I would not even bother. I go to ATM once every 2-3 months.
     
  14. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    Its also prevalent at gas stations when you use a card to pay the bill upfront.

    Check your bank statement for any suspicious charges and get them canceled.
     
  15. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    My personal counter measure is to get a "text alert" every single time any of my accounts is ever used. I thought it would get annoying, but it really isn't. The ringer for that text is silent on my smartphone and if I am busy I'll scan the texts later in the day. Usually I am sitting where I can view the text immediately. After all if I have my cards in my pocket I should know if they are being used. LOL!
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Spot on.
     
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I do this too; pretty simple. If everyone setup email and/or text alerts it would really choke off the fraudulent activity. And while we're at it let's require 2FA (two factor authentication) :)
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    Thieves Used Infrared to Pull Data from ATM ‘Insert Skimmers’

     
  19. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Re: ATM Insert Skimmers: A Closer Look

    Just don't look too closely:

    "Man trapped in Texas cash machine sends 'help me' notes

    A Texas man who found himself trapped inside a cash machine slipped "help me" notes through the receipt slot..."

    http://www.bbc.com/news/world-us-canada-40589631
     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    Dumping Data from Deep-Insert Skimmers

     
  21. guest

    guest Guest

    Insert Skimmer + Camera Cover PIN Stealer
    March 10, 2019
    https://krebsonsecurity.com/2019/03/insert-skimmer-camera-cover-pin-stealer/
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.