How to steal credit card info
Taking just 5 seconds to inspect any credit/debit card readers before you swipe could end up saving you from identity and credit card theft. I’ll show you what to look for before you swipe your next card. The con is called skimming. Skimming works by retrofitting a perfectly legitimate card reader (like an ATM) with a camouflaged counterfeit card reader. The counterfeit reader records all of your card’s information as it passes through. To give you an idea of what we are dealing with, here is a picture of an ATM with a skimmer overlaid on to the slot where you insert your card and a micro camera hidden behind a bogus white plastic piece above the PIN keypad. This ATM was reported to police on September 6, 2008. Image is Courtesy of Naples Police Department: Would you have known it was stealing card data? The purpose of this blog is to educate you on how to identify a skimmer. To that end I’ve compiled a portfolio of example photos made up of both basic and advanced skimmers. It is by no means all inclusive but should give you a heads up on what to look out for the next time you go to swipe your card. According to law enforcement. “Credit card skimming has been around for years and is a growing problem that seems to be getting worse.” Many of us take for granted that inserting your credit/debit card into an ATM or swiping it at the grocery store or gas station is a safe practice. And most of the time you’d be right. However, skimmers are increasingly being retrofitted to legitimate ATMs, gas pumps, grocery/department store checkout machines, restaurants, etc. etc. you name it criminals are trying to skim your credit card from it. Here’s a look at the insides of the micro camera that is capturing video of your keypad presses. Image is Courtesy of Naples Police Department:
This is how the skimming scam works:
- Thief buys his skimming gear online from one of a slew of sources for around $400. Keep in mind that these sources in most cases legitimate companies selling credit card readers to real merchants for point of sale devices. This brings up the first problem; the sale of this equipment is completely unregulated. Below are some screenshots of perfectly legitimate businesses selling card reader gear for legal purposes. But since there are no regulations, skimmers can also buy them. Example bundle includes both a card reader and a writer. This reader must be plugged into a USB port to work. Later I’ll show you fully self contained and even smaller readers.
- The first part the thief buys is a card skimmer that matches the device type he wants to attack. For example, the image shown here is a gas pump skimmer. It fits neatly INSIDE of the gas pump and connects to the circuitry of the real card reader. This one was found last year when a gas station skimming ring was uncovered in Arizona. A typical card skimmer has a magnetic strip reader and local flash memory to store all the card data. Newer advanced skimmers are now being fitted with 3G radios so they can transmit skimmed card data back real time over the cellular network. This eliminates the need for the thief to return later and collect his card skimmer with all of the data on it. This also reduces the chance that law enforcement can catch the thief by staking out a skimmed reader waiting for the thief’s return. Photo Courtesy of Arizona Department of Weights And Measures.
The middle Image is the camera as it looks installed on the ATM. It looks down on the keypad to video you typing in your PIN.
The bottom image is yet another hidden camera position to look out for.
A keypad overlay accomplishes the same goal by resting over the top of the existing keypad. Overlays are extremely thin and look and feel just
like the real thing. They also store each key press, along with a timestamp, on a local memory chip. When you press the fake keypad it simply depresses the real key below it making the machine still respond to input.
The bottom image is the reverse image of the keypad showing the micro electronics that record and store your key presses. This keypad just overlays flat over the top of the real keypad.
The bottom image is a look at a skimmer that is attached to a mobile device that can send off the collected data via txt messaging real time.
This type of device is typically used in a card cleaner scam because it is so tiny and innocent looking. The thief will stick this skimmer horizontally somewhere around the real card reader with a label that says something like “Free Card Cleaner. Restore your cards magnet stripe here.” I think we’d be surprised at how many would do it.
The middle image shows a skimmer that fits conveniently in the palm of your hand.
The bottom image depicts some of the real world specs that are typical of the skimmers I’ve shown you so far. These little devices are self contained computers.
I’ve been giving security talks to Cisco users groups lately and thought it would be interesting to add a few slides on skimmers to my presentation. Before I presented I asked the audience how many have heard of skimmers. I was very surprised by the result. Only about 1/3 of the room said they had. This was surprising to me mostly because of the fact that my audience was comprised solely of technical professionals. Granted that few of them were security focused but still all of them were wise to the ways of technology and Identity theft. For example, if I would have asked who has heard of Phishing I’m sure everyone would have said yes. What is more disturbing perhaps is what the result would have been if I asked a group of “baby boomers” if they knew what a skimmer was? 5 Percent, maybe less, would say yes is my guess. This ad-hoc poll suggests to me that public awareness of the real threat posed by credit card skimming is almost non-existent and in need of help. Thus the reason I am writing this blog, to help get the word out. Now you, friendly reader, have been enlisted to help spread the word to your friends and family as well. There are several websites that have recommendations for defending yourself against card skimming and what to do if you become a victim. Here are two such sites Fightfraud.nv.gov Federal Trade Commission
So were you aware of this threat? Did you know it was becoming more common? Have you ever been skimmed before? What actions are you going to take during your next credit card swipe? Is anything safe these days. I guess if nothing else this makes brick and mortar shopping just as risky as Internet shopping wouldn’t you agree?
<a >Had you heard of skimming before you read this?</a> <br/> <span> (<a > surveys</a>)</span>
The opinions and information presented here are my personal views and not those of my employer.Source: www.networkworld.com