ATM machines and internet banking is finding it's trend as an accessibility facility; something we get to use often without even realizing the importance of sensitivity of data involved using an ATM. ATM skimming has resulted in loss of millions of dollars around the world. Skimmers capture data from the magnetic strip of ATM cards via various methods and then clone that information on a blank ATM card that has a similar magnetic strip. This allows hacker to use bank accounts of the victims via ATM machines.
Personal identification is intercepted using custom and self made devices or gadgets which the hackers attached to ATM machines with ease without getting noticed. These devices make up portable data collectors which are mounted on the regular card reading slot. When the card is swiped in the machine, it reads the data on it's magnetic strip as well as allowing the ATM to do the same. Fake keypads are also mounted over original keypads to collect the other, independent, part of the secure information... the PIN code. The thief hacker then retrieves the device he placed on the ATM to access its mini portable storage.
The magnetic strip of the ATM card stores the user’s full name, account number, bank details and other series of information that is required to allow the card to function properly. If all this information is cloned on a card with blank magnetic strip, that card essentially becomes the same card as the user holds. Skimming devices can be mounted on different positions depending on the technology hacker developed; including the lighting fixtures of an ATM, the brochure plastic case, the ATM card swipe slot itself, and the keypad.
Another commonly used method is the involves the use of spy cameras. After mounting the card skimmer in the card swipe slot, the pin code can also be collected via a spy camera well hidden when the hacker tampers with the machine pretending to make a transaction. An example is shown below where the con has placed a camera in wooden casing to attach it to the ATM machine in combination with the card skimmer to swindle the users.
Card skimming devices that are attached to the card swipe slot to record data from the magnetic strip on the ATM cards can be seen in the image below. Criminals may then use the personal financial information gained along with the PIN that is achieved through spy cameras or fake key logging pads and withdraw cash from accounts of victims. The fake keypad presses the keys of original keypad under it to make it seamless and also stores the keys pressed in its own attached memory device.
This type of intrusion has recently hit Pakistan when a couple of university students in Islamabad designed their own version of a skimmer and robbed people off millions of rupees before being caught by the Federal Investigation Agency (FIA). The investigative report says that a total of Rs. 12 million was robbed using a single skimming device which included 187 PSO cards and a second skimming device for 1192 ATM cards. These university students included, Nasir Abbas, Muhammad, Zaheer Ahmed, Mustaqeem and Amir Shahzad, Javed according to a source.
It is also reported that FIA announced Zaheer Ahmed to be owning two skimming devices which caused a loss of almost Rs. 12 million to the government and private sector. The skimmer made by Zaheer Ahmed was used to acquire data of credit cards through the magnetic strip behind a card which holds the card owner’s details which was then used to clone the cards for fraudulent reasons including making transactions online so that the hacker did not have to take the risk of physically visiting an ATM machine repeatedly with a clone card. The second skimmer was a device that is mounted to an ATM machine to grab ATM users' information once they swipe their cards in the slot along with a device to log the keystrokes entered to gather the personal identification numbers (PINs).
Although banks have started taking counter measures but the hackers are also getting better at designing skimmers day by day. Over last few months, new skimming devices have been introduced by criminals which allow skimmers to access other components of ATM machines and use them to wirelessly transmit sensitive information of the victim the moment it is entered, hence, lessening the risk of a second visit for the hacker.
Skimming is not easy to detect but ATM users can be aware of some signs to prevent being victims of such crimes. It is best to be alert and always watch for the signs of an ATM machine being tampered with before you swipe your card. This especially involves the appearance of the machine such as glue residue, cracks, exposed wires, etc. Also check the card device reader; banks have started to attach their own mounts to the reader designed in a way which makes it difficult for the skimmers to attach malicious devices - so check if the card slot looks normal or seem to have an attached device to it. Against spy cameras, your best chance is to cover the keypad when typing in your PIN so that a hidden camera would not be able to view the keypad (and, ofcourse, confirm that you are alone in the cabin while typing your PIN).
ATM skimming is a hard to track process and is very attractive for thieves. ATM skimming maybe on the rise but staying informed and educated can reduce the likelihood being swiped by criminals. Social engineering involved in the skimming devices to appear as part of ATM machines or its own upgrades might also be involved and staying alert, informed and learning on the go is what makes you avoid such scams. The intruder maybe intelligent, but there is no cure for human stupidity and your own intelligence is your only real line of defense against social engineering.
No comments:
Post a Comment