What you need to know about card skimmingby Sean Cooper | @sean_cooper | July 28th 2014 at 11:00am July 28th 2014 11:00 am
"Skimming" is a blanket term used when referencing a crime where you take small amounts of money. It literally means to take cash off the top, as if money were the sweet cream floating atop a cauldron of lesser riches. Fifty years ago, skimming might have meant stealing a handful of dollars from your employer, or even millions in elaborate scams we've seen in countless Hollywood films. Today's skimming, however, employs tricks and hardware that are absurdly complex and yet sneaky enough to elude detection. Unless you know what to look for, of course. Today's world of skimming is high-tech, and it wants your credit card and banking info.
Though we can't help you catch every conceivable method that crooks are using to try to rip you off, being armed with a bit of knowledge on the topic could save you major hassle down the road. No matter what you take away form this read, at a minimum you'll never look at an ATM or POS terminal the same way again.
WHAT IS IT?
A skimmer in the ATM world usually features two important pieces of hardware: A micro camera positioned within eyesight of the keypad, and a magnetic card reading device that captures your card's details. To "clone" -- duplicate -- your card, this is all the info a would-be thief needs. The scenario is, sadly, very simple: You wander up to your local ATM, pop your card in and a device captures your card details; next you type in your PIN and that's captured on camera. You carry on with your day, business as usual, but in the following weeks you'll get a call from the bank or credit card company about "strange" transactions on your account. Perhaps you've heard this story before?
Similar things happen with POS terminals in retail shops -- payment registers -- sometimes with the employee's knowledge and sometimes without. Bogus terminals exist that will even print out a "transaction complete" record when the device never actually contacted your bank. You buy a pack of gum, run the sale through with your card and the thief buys your treat for you. Then, using the info gleaned easily recovers his or her losses. Nervous yet? You should be, this stuff is rampant .
Recently there's been a spate of reports that gas stations are being targeted for skimming. The same principle for ATM systems is used, but the concentration of cards passing through gas stations is higher. It's like an ATM card smorgasbord. The system can be installed in under two minutes and the stored card details are easily captured remotely via Bluetooth by the crook. So unless someone notices the device, or its battery dies, a thief could quickly grab hundreds of accounts from just one skimmer.
WHY SHOULD I CARE?
Nobody wants to lose his or her hard earned money to some criminal, right? In most cases you'll have an argument to recover your losses, but the cost in time and to the banks is real. Consider the time and effort required to deal with your bank, your card company, any pre-authorized payments you have, potentially time off work. It'd be a pretty bleak feeling to get taken like this. Many of us have gone through the hassle of replacing cards when somebody got the details and used them without asking permission. Most people assume it happened because of an online scam, but the new reality is that more and more opportunities exist for this type of crime.
HOW DOES IT WORK?
ATM skimmers run the gamut from cheapish homemade plastic to the sophisticated custom pinhole cameras, keypad overlays and magnetic readers that can go in or over the existing slot. Plastic parts can be printed with a 3D printer. paint for parts is easily matched to
ape the real thing, and then using double-sided tape they're slapped on in just a few minutes. Skimmers can be purchased on the web by sites boasting how effective their equipment is, card printing stock and equipment to make credit and debit cards is fairly easily sourced as well. All this aligns to make it pretty easy to understand why somebody with some money and no worry of arrest would want to get involved.
So what do they do with this info? Well, the thief heads back to wherever he left his gear and physically retrieves it, or remotely downloads the info. A new card is then printed with your stolen details -- the aforementioned clone. Then a "runner" -- there are job titles! – is dispatched to either take all the cash they can using bank machines, or sent shopping for easily sold goods. Credit cards, of course, offer even more flexibility since they can be used online at many more places than debit can.
WHAT CAN I DO TO PROTECT MYSELF?
There's no magic answer yet, Interac Inc claims that Chip and Pin systems have done a lot to reduce debit and credit card fraud in Canada, but these systems are still backward compatible with the swipe system. The best advice is to pay some attention when paying for your transaction or taking out cash. Since the reader device is typically only secured with double sided tape, yank on it. You're not going to break anything. Give the ATM a bit of scrutiny before using it. Does it look like the others nearby? Are there any strange-looking bits that bulge out? Look above the keypad or to the side for pinhole cameras. If anything seems out of place, don't use it! Find another.
Cover your hand when entering your PIN number! It's a really easy thing to do and that one step will absolutely make the collected card details worthless.
Call your bank, talk to them about security policies. Are you covered if anything should ever happen? Are they taking steps to work with card providers to create new or improve existing policies? Banks are slowly beginning to use Two-Factor authorization to protect you and your money. Two-Factor means you use your password and a one-off key to access online accounts or login to your bank. So even if a thief has your card details and password, without the key they can't get in. Banks consider your card and PIN to be a two-factor system, though considering how simple it seems to be to get access, we'd suggest another layer wouldn't hurt.
WHAT DOES THE LAW SAY?
There's nothing vague about the law here. Theft is theft is theft, though; sometimes catching the people involved is difficult as the money can be spent abroad or on goods delivered to a P.O. box. Also, unfortunately, people often only contact the bank about a skimming-related crime and the bank sorts it out for the consumer. Once your bank has started the process to resolve it, call your local police and report it to them, too. Banks like paying out money about as much as you do, while it costs for them to spend on security, they'll do it to stop fraud to protect
you their bottom line
WANT TO KNOW MORE?
There's a wealth of great information out there about skimming and what current scams exist, arm yourself against them by taking an interest and protecting yourself by knowing a bit about them. Brian Krebs security site has a great series of articles on this very topic, I encourage you to take some time to read and check out all the pics of the various devices. Go have a peek at TwoFactorAuth.org. they maintain a great list of institutions that support two-factor and handy links to tweet to those that don't.
[Image credit: bedharak / Flickr, ASSOCIATED PRESS, Shutterstock / Oliver Hoffmann, Brian Krebs / krebsecurity.com]Source: www.engadget.com