Nigh-undetectable ATM skimmer

If the previous ATM skimmer posts didn't scare the pants off you, this one from San Fernando Valley, which Brian Krebs reports on, might. It has a near-undetectable pinhole camera for recording timestamped footage of your PIN entry, and apart from that indicator, the only way to spot it is to yank hard on the front of the ATM before you start using it.

A few tips about ATM skimmers and skimming scams. It’s difficult — once you’re aware of how sophisticated some of these skimmers can be — to avoid being paranoid around ATMs; friends and family often tease me for stopping to tug at ATMs that I pass on the street, even when I have no intention of withdrawing money from the machines.
Still, it’s good and healthy to be somewhat paranoid while at an ATM. Make sure nobody is “shoulder surfing” you to watch you enter your PIN. A simple precaution defeats shoulder surfing and many other types of video-based PIN stealing mechanism: Cover the PIN pad with your hand or another object when you enter your PIN.

Skimtacular: All-in-One ATM Skimmer

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE: crime • Gadgets • money • security

More at Boing Boing

The technology that links taxonomy and Star Trek

Hackers prepare for first "national holiday" in their honor

mrbill1234

In the UK (And I think most of Europe) ATMs first try to read the chip – then the magnetic strip. I’m thinking that these skimmers currently cannot read the chip as this is not something that can be done in a ‘skim’. So – a possible workaround here is to get a strong magnet out and erase the mag-strip. This may cause problems if you travel abroad, but if it is just for cash withdrawal it should be OK.
- peterkvt80
  
  The magnetic strip only holds the card number. So erasing this means that some poor teller is going to have to type your card number in. What the camera does is it videos the card as it goes in so grabbing the numbers. And it sees the keyboard so it gets your PIN. The camera is no big deal. It is a cheap spy camera with a big battery so that it lasts longer. The thing that might look like a card stripe reader is only an optical switch. It senses when there is a card inserted and starts recording. The clever bit is the professional looking plastic panel.
  - brainflakes
    
    Doesn’t look like it, from the position of the camera it would be edge on to the card, so would never be able to capture the numbers. Also this “optical sensor” is exactly where the magnetic strip on the card happens to be…
  - http://www.ikaink.net Itsumishi
    
    Most skimmers read the magnetic strip, not try to record the numbers.
    
    In Australia in an effort to reduce skimming a few ATMs were set up to pull the card in halfway, push it back out a bit, then draw it in the rest of the way. Presumably the software in the ATMs knew when it was getting pushed out and didn’t scan, then resumed scanning once it came back as far as it had been pushed out.
    
    Skinner manufacturers either caught on to this pretty fast and worked out to do the same thing or it caused problems with a fair few cards because I didn’t see ATMs doing this for long.
    
    Now a lot of the ATMs in Australia come with odd shaped plastic bits that light up, etc where you stick your card in. Presumably to make attaching a skimmer difficult. I just make sure to cover my hand whenever I put my pin in, ATM, Eftpos, where ever.
  - Max Allan
    
    “So erasing this means that some poor teller is going to have to type your card number in”
    When are they ever going to do that? All the information is held on the chip, unless you go to some godforsaken country that hasn’t got the hang of chip’n'pin.
    
    And what good are the numbers on the card without the real deal from the mag stripe. You could confuse a skimmer with a quick go with a sander/paint/tape. Everyone would have caught onto that pretty quick.
    - peterkvt80
      
      I have worked on cards with magnetic stripes. The only data on the magnetic stripe is what you see embossed on the card. And which godforsaken country hasn’t got Chip and PIN? USA for one. There are enough targets there to keep any skimming crook busy for a long time.
- DrEnter
  
  ATM cards in the U.S. don’t have the smart chip from the “chip and pin” system used in Europe. This would make your card unusable in the U.S.
http://www.facebook.com/KBENBENEK Kurt Benbenek

I found the perfect workaround for this. I just keep my cash under the mattress.
- http://www.ikaink.net Itsumishi
  
  Also great for tax avoidance!
- bcsizemo
  
  I keep hearing about buying “gold” on the radio. I should look into that, sounds like a good idea.
- Ambiguity
  
  I used to do that, but the darn scoundrels swapped my mattress for a fake one.
  
  I lost everything.
- http://twitter.com/ChemicalOli Oli Newsham
  
  My solution is to place little plastic devices on ATMs that read card numbers then clone cards and use them. If they get stolen it’s not my problem. Wait…
formosaman

Cashback from shops or using the machines actually inside banks seems to be the way to go.
tapani kuusisto

Why don’t they make the front element of ATMs from transparent polycarbonate? It would be impossible to add any undetectable skimmers.
- Paul Renault
  
  Dang! I came here to say exactly this!
  
  Added: I just realized why some ATMs (example: Loblaws’ President’s Choice Bank in Canada) have transparent card-accepting slots.
  - http://illustratorhints.com/ Jesseham
    
    Yeah, Chase and BECU are transparent and backlit here in Seattle.
- http://twitter.com/ChemicalOli Oli Newsham
  
  That’s actually a genius idea!
Tom Pappalardo

Friends and family often tease me for being suspicious of men who stop to tug at ATMs that they pass on the street.
bobtato

If you succeed in pulling a device off an ATM, you might find a bunch of big Ukrainian men with not much to lose getting out of a car behind you…
http://goodsharer.com/ Aloisius

When are they just going to cover the whole ATM with a hologram or at least an incredibly complicated paint job?
Alexander Borsi

What do you do in the event that you DO find one of these devices? I would like some mutants thoughts on what you should do.
- http://deansli.st/ Dean Putney
  
  Hang onto it tight, that’s your ticket to the chocolate factory!
wrybread

I’m guessing whoever could come up with such a well made device could easily foil the “i’ll pull on it to see if its real” test. A little VHB tape for example would easily foil that. The skimmer could be disposable, or require a tool to remove.

But I suppose it makes for an interesting hobby.
http://illustratorhints.com/ Jesseham

My defense is to move my fingers around over all the keypad buttons as I am entering my pin.

The gas pump is where I am most paranoid…
http://www.paradea.org/notes/ Teirhan

I avoid this issue by never using an ATM.

However, i open myself up to other issues by using a debit card as credit on the internet. Curses!
Cowicide

FIXED
- http://twitter.com/ChemicalOli Oli Newsham
  
  Unless the keypad also has a device placed over it ;)
http://twitter.com/ChemicalOli Oli Newsham

“friends and family often tease me for stopping to tug at ATMs that I pass on the street, even when I have no intention of withdrawing money from the machines.”

I’m so happy I’m not the only one who does this! Despite knowing its possible I’m not entirely sure what I would do if a skimmer came away in my hand. Call the police? Hide from potentially nearby Eastern European gangsters? Bother? We should start a support network for similarly afflicted people.