Another day and another security threat for consumers with cards to worry about.
Today’s security special comes care of the Secret Service, which is warning banks and ATM firms about the dangers of “periscope” skimmers. The latest and greatest in card-stealing tech, the little cybercrime-enablers have been found implanted at ATMs in Pennsylvania and Connecticut. And for good measure: Because they are installed internally, they aren’t visible to ATM users.
A periscope probe works when it is installed in a pre-existing card reader that allows it to skim the magnetic stripe. The probe also comes equipped with a battery unit to power it and a storage drive on it to hold all the sweet, sweet credit card information. It is currently estimated that these devices can hold up to 32,000 credit card numbers at a time and will last for 14 days at a stretch on a single fully charged battery. The most at-risk ATMs seem to be those with openable lids, since they offer the easiest path to internal access.
The “good news” is that, while these devices are good for skimming card data, they don’t have access to consumer PINs. The not-so-good news — or, at least, the alarming possibility — is that these skimmers weren’t actually being used for anything but intel in preparation for a larger heist.
The other slightly better good news is that a large portion of skimmers can be defeated by the low-tech move of putting one’s hand over the cash dispenser’s number pad. Fake-button skimmers exist, but they are rare as they are expensive to produce.
And, as always, the standing advice for consumers is to avoid standalone ATMs whenever possible, since wall-mounted cash machines are much harder targets for malicious hardware installations.