Security & Fraud

NYPD Tests ‘Skim Reaper’ To Stop ATM Tampering

The NYPD is fighting back against ATM tampering with a device called the “Skim Reaper.”

According to CBS News in New York, the device can detect if an ATM or gas pump has been compromised.

Credit card skimmers steal more than $1 billion from U.S. customers each year, according to the Secret Service. For its part, the NYPD has four full-time, trained detectives tasked with finding skimmers, but says the problem is too widespread to be stopped with those resources.

“The problem is that it’s transient, they come in and place the device and move on. In early January we were getting killed,” Deputy Inspector Christopher Flanagan of the NYPD Financial Crimes Task Force said.

Now, after three years of study, cybersecurity expert Patrick Traynor and two Florida graduate students invented the “Skim Reaper,” a credit-card thin gadget that slides into card reader slots and can easily and quickly detect if an ATM or gas pump has been tampered with.

Most credit card skimmers work by installing an extra “read head” inside or outside a machine, which allows criminals to make a copy of the card’s information as a consumer swipes it. The Skim Reaper was built to detect when more than one read head is present. It’s attached by a wire to a cellphone-sized box with a small readout screen that says “possible skimmer!” when multiple read heads are detected.

Traynor gave the NYPD five Skim Reapers to test in February, and Flanagan revealed that officers in New York recently found the first skimmer using the device at an ATM in Brooklyn.

“I’ve been doing skimming for approximately five years now and I have never used anything like this or have known of anything like this,” said NYPD Det. James Lilla of the Financial Crimes Task Force. “It’s definitely an asset we can use to combat ATM skimming.”



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.