The Invisible ATM Skimmer

Cyberthieves are now bypassing traditional ATM "skimmers" and wiring directly into a cash machine's own card-reading hardware through a hidden hole in the ATM, TechCrunch reported on Monday (Dec. 1).

According to the European ATM Security Team (EAST), banks in two European countries recently reported ATM breaches that work like this: Thieves cut a small hole in the front of the ATM near the card reader, at a point normally covered by a decal or sticker. They then insert a wiretapping device through the hole, wire it into the the card reader, and finish up by covering the hole with a new decal. The wiretap device is then removed later by the thieves to harvest card data.

"A tap is attached to the pre-read head or read head of the card reader," EAST executive director Lachlan Gunn told security researcher Brian Krebs. "The card data is then read through the tap. We still classify it as skimming, but technically the magnetic stripe [on the payment card] is not directly skimmed as the data is intercepted."

Unlike most skimmers, which either overlay or slide into a card-reading slot, physically connecting to the ATM's own read head will likely be undetectable, at least without poking at the replacement decal.

With the new wiretap technique, ATM hackers still have to steal PIN codes using hidden cameras, but they've become skilled at hiding pinhole cameras on the machines. And even without PINs, the information encoded on the mag stripe by itself can be used successfully with many online merchants.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Click to comment