How money mules are using ATM Skimming to Get Your PIN & Under Your Skin
Undoubtedly, money mules continue to become more creative and elusive with the tactics they are employing to steal banking,
credit, and personal financial information. What’s more, one of the favored approaches by these people -- ATM skimming --
is causing financial institutions worldwide to lose more than $2 billion annually, according to the ATM Industry Association.
How easy is skimming? Inserting an ATM card scanner that reads banking information exactly as an ATM does,
money mules can extract sensitive credit card information by reading the information from the magnetic stripe on the back
of the card and recording, often with small cameras, the PIN information. The ATM Industry Association notes that these
attacks have jumped by 12 percent for the last year, making it the No. 1 ATM leak globally.
Why the spike?
One would think that ATM mules have shifted their focus to the mobile payments world as consumers gravitate toward
a more mobile-everything lifestyle. However, money mules find continued, even growing, interest in ATM skimming because
it’s very hard to catch them. Unless caught in the act, it is easy for money mules to stay clear from authorities as
they are constantly moving from ATM to ATM, all while cashing in incredible amounts of private banking information and
customer PIN codes.
Understanding the trends and types of ATM skimming
ATM mules are becoming increasingly sophisticated in creating thinner and smaller skimming devices that are harder to
detect. They are also finding ways to make skimmers easier to install, and cameras to monitor PIN code input are becoming
smaller and easier to hide. The innovation for thinner and smaller devices can be found in various forms, but there are
four growing variations that banks and retailers should be particularly aware of:
- Bluetooth-enabled skimmers. This form has prominently cropped up in the last few years, and it's a unique variant because the device includes a Bluetooth chip that enables thieves to retrieve stolen data wirelessly. This means the attackers don’t even have to remove the skimmers physically to get the stolen data.
- Mini-skimmers. A mini-skimmer is designed to slip inside an NCR ATM’s card acceptance slot, and, with a miniaturized pin-hole camera attached to the side of the ATM, it can record each customer’s PIN code. While this is more commonly found in Europe, we anticipate this form will soon makes its way to the US.
- Stereo skimming. Stereo skimming is an old skimming technique that’s made a comeback with the advent of MP3 technology. In this attack, money mules record the data used on the magnetic stripe using audio technology.
- 3D-printed skimmers. 3D printers have been used by some ATM mules to create customized and very hard to detect skimmer devices. These specialized devices fit over the existing card reader, and because they are 3D-printed specifically for the ATM or other card reader device, like at a gas pump, they are very hard for users to detect.
Combatting ATM skimming
While mobile and online payments are certainly on the rise and the chosen method for some, it is unlikely consumers will ever
completely stop using physical debet or credit cards. Because of this, ATM skimming will only continue to become more
sophisticated, making it imperative for banks and vendors to take action to mitigate and minimize the risk now.
New developments such as card readers that require customers to rotate their ATM cards 90 degrees or migrating to a chip-and-pin
physical card solution, which can help stop counterfeit card fraud, are two alternatives to consider. In a more traditional sense,
reminding users to be cautious with their ATM and debit transactions can also be an easy and effective way to flag suspicious
ATM skimming activity. It can be as simple as checking to see if the card reader is secure or layered with a fraudulent device
or even covering the PIN code input with a hand during their transaction.