Fighting ID Fraud

Just the other day I was reading an interesting article about how ATM skimmers are making a resurgence in Europe. The ComputerWorld article, which you can read here, talks about the latest innovations in attacks against ATM machines. The skmming devices used by the fraudsters are attached to the ATM machine in order to “skim” the card details of the ATM users.

Some might think that skimmers are a bit of an old dog in the context of modern fraudster attacks. With so much recent press about the latest trojans, you couldn’t be blamed for thinking that skimmers may have had their day.

Unfortunately for us ATM users, you would be wrong. Despite valant efforts by many of the ATM providers to secure the machines and prevent such custom attacks, there seems to be a resurgence of this type of fraud spreading through Europe. In the article mentioned above they talk about how the latest wave of skimming devices can be made from modified MP3 players and a micro camera to record the PIN entry on the ATM keypad.

How often do you cover your PIN entry completely? I dont mean just from the person standing behind you. Think for a second how effective you PIN covering technique might protect you from a camera installed directly above the keypad?

Certain countries do have slightly more protection than others, but this is just a function of cost, and how much fraudsters are willing to spend in order to clone a card. Nearly all cards in the UK, for example, are now issued with EMV chips on the card and the ATM machine reads the data on the chip rather than the mag stripe. In other coutries around the world where the card issuers have not rolled out EMV cards, there is still a heavy relliance on mag stripe technology. The flip side here is that mag stripe cards are far easier and cheaper to clone than their chip based cousins.

Essentially the fraudsters are taking the lowest cost option when performing their attacks, but I imagine it wouldnt take long for them to shift their operations to a chip based attack if majority of card issuers switched strategy.

Security expert Brian Krebs recently blogged about his conversations with the European ATM Security Team (EAST). It is a great read and gives good insight into some of the statistics around ATM fraud.

My advice to avoid falling prey to an ATM skimming attack? Use ATMs that you use often and trust. If it is an ATM that you use often you should be able to spot any differences in the hardware, like damage around the console etc. Also work on your PIN security by trying to completely cover your PIN entry. Don’t forget, you are not just hiding your PIN from the person standing behind you. If at all possible try and use an ATM that is located inside a bank branch. These machine have better security like CCTV and they are not exposed late at night when fraudsters get to work installing their skimmers.