Crime Doesn’t Pay But ATM Skimmers Do

ATM skimming on the rise but there is hope for consumers

We live in a digital world so it’s only natural for bank robbers to move into the 21st century right alongside the rest of us. Armed robbers also face additional criminal charges for brandishing a weapon so stealing digital funds is simply less risky for criminals these days. So if old school crime doesn’t pay, what does?

Thieves have increasingly shifted to high-tech crimes such as hacking, identity theft, and skimming. Card skimming has found its way into many devices including ATMs, gas station pumps and even vending machines because once installed, each device will skim data from every card inserted. Famed security reporter and author, Brian Krebs, has been at the forefront of skimmer reporting for many years. His security blog regularly details the rise in ATM skimming including images of these seized devices, busted scams and security tips. Credit card alert service, FICO, saw a massive 546% increase in ATM skimming attacks from 2014-2015 with increases every year with no decline in sight.

Skimmers themselves are simplified card readers that are attached discreetly to actual payment terminals in a matter of seconds. Once attached, skimmers employ a simple magnetic reading head to skim data off every single card that is swiped. Pinhole cameras record video of corresponding PIN entries as well. All of this data is stored on a battery-powered device that is then retrieved by the thieves. Sometimes data is directly downloaded via a cable connection but wireless systems using Bluetooth are becoming increasingly popular. These wireless skimmers allow thieves to literally sit in their cars while collecting card data from distances up to 75 feet away.

Today, a standard magnetic striped card reader/writer including PC software can be purchased on eBay for under $50.

From there, the data can end up in the hands of other criminals willing to pay for it on the Dark Web or simply as a cloned card that will work in every ATM just like the original. Ever since the late 60s, magnetic stripes have been in use to communicate a range of data including financial transactions. Today, a standard magnetic striped card reader/writer including PC software can be purchased on eBay for under $50. This allows anyone with that data to simply burn a cloned version of any consumer’s debit or credit card. Since magnetic stripe technology is still a holdover from the 60s, it has no modern encryption means. To make matters worse, most EMV or Chip-and-PIN cards still include the magnetic stripe as a backup data repository for older POS (Point-of-Sale) systems so skimmers can still steal data from modern, encrypted EMV cards too. So if even the latest card technology is susceptible to skimming attacks, what’s a consumer to do? and many other websites list basic skimmer avoidance tips including paying for gas inside, concealing your PIN entry and choosing ATMs or gas pumps closest to lights and buildings. We’ve heard these tips before so I won’t dwell on them too much here, but one of the most effective defenses is using your ‘spidey-sense’. I’m not talking about an impending sense of danger (although any cash withdrawal situation could involve risks) but rather, a feeling that something doesn’t look or feel quite right. Since skimmers are physically placed over legitimate card readers, they tend to leave telltale signs of manipulation. Just like phishing emails written by non-native English speakers and writers can read strangely, an ATM with a crooked, loose or mismatched bezel color surrounding the card slot generally indicates subtle if not egregious tampering. But what’s a thief to do who doesn’t possess the design and installation finesse of Apple?

Cybercriminals have resources too. Some more permanent solutions involve Krazy Glue® to keep the bezel from shifting. On the Dark Web, a complete card skimmer kit can be purchased for a mere $1,000. Such kits include tutorial videos on installation and usage. For thieves on a budget, 3D printer files are also sold for them to print at home. This allows them to take their time in picking out the right 3D bezel file, modifying it where necessary and choosing the right color to match the target ATM’s design.

I’ve been in the wireless security business for many years so I’ve seen this cat and mouse gameplay out more times than I can remember. As soon as law enforcement deploys a solution, criminals deploy their own workaround solution.

Security researchers and academia tend to favor preventative and future solutions while many banks, gas stations and stores containing ATMs have a vested interest in saving money by making little to no change. But law enforcement needs tools right now to combat the problem. However, recent developments in this area leave me optimistic about the possibility of striking a deadly blow to illegal skimmers. I wish I could reveal more, but for now, I can only say that some of the best security minds are working on a solution that will appear later this year. Until that solution arrives…stay cyber safe.


Scott Schober
Scott Schober
SCOTT is the President and CEO of Berkeley Varitronics Systems (BVS), a 40-year-old New Jersey-based privately held company and leading provider of advanced, world-class wireless test and security solutions. As an experienced software engineer, Schober also invents BVS’ cell phone detection tools, used to enforce a ‘no cell phone policy’. These instruments are effectively used around the globe to find contraband cell phones smuggled into correctional as well as secure federal facilities. Mr. Schober is a highly sought after subject expert on the topic of Cybersecurity for media appearances and commentary. He is often seen on ABC News, Bloomberg TV, Al Jazeera America, CBS This Morning News, CCTV America, CNBC, CNN, Fox Business, Fox News, Good Morning America, Inside Edition, MSNBC and many more. His precautionary advice is heard on dozens of radio stations such as National Public Radio, Sirius XM Radio, Bloomberg Radio, and The Peggy Smedley Show. He regularly presents on visionary issues at conferences around the globe discussing wireless technology and its role in the current Cybersecurity breaches along with his vision for best practices to stay safe in the future. Scott has been interviewed in WSJ, Forbes, Fortune, Success, NY Daily News, Newsweek, USA Today, and The New York Times. Scott educates all business around the world about how to prepare for a future of Cybersecurity and corporate espionage, opening their eyes to this ever-deepening black hole of liability. He also shares his insights into covert cell phone detection and creates awareness to the subtle but powerful influence of drones. He has spoken at ShowMeCon, GovSec, Counter Terror Expo, ISS Americas, Espionage Research International, Connected World, ConstrucTech, IEEE, GSM World Congress and many more events. Mr. Schober was a VIP attendee at two Concordia Summits both held in New York and was selected to appear in an interview discussing national security. He is a guest-blogger on TripWire’s State of Security and also writes for HP’s Business Value Exchange.

SOLD OUT! JOIN OUR WAITING LIST! It's not a virtual event. It's not a conference. It's not a seminar, a meeting, or a symposium. It's not about attracting a big crowd. It's not about making a profit, but rather about making a real difference. LEARN MORE HERE