IDG News Service - Banks in Europe are seeing innovative skimming attacks against ATMs, where fraudsters rig special devices to the cash machines to record payment card details.
Many banks have fitted ATMs with devices that are designed to thwart criminals from attaching skimmers to the machines. But it now appears in some areas that those devices are being successfully removed and then modified for skimming, according to the latest report from the European ATM Security Team (EAST), which collects data on ATM fraud throughout Europe.
Skimming devices are designed to record the account details from the magnetic stripe on the back of a payment card. The data can then be encoded onto a dummy card. A person's PIN (personal identification number) is often captured with a micro-camera, which was done with the illicitly modified anti-skimming devices, according to the report.
Banks in five countries also reported seeing a new type of skimming device, which uses a modified MP3 player to record card details. It also has a micro-camera to record PINs, according to a photo seen by IDG News Service.
EAST doesn't reveal which banks noticed the fraud or the country in which it occurred. EAST only notes whether the attack occurred in a country that is a "major deployer" of ATMs -- where there are more than 40,000 machines in the country. Those countries include France, Germany, Spain, Russia and the U.K.
Installing malicious software on an ATM is a more sophisticated way to execute fraud. One country of the five major deployers saw this style of attack, which was first seen in Eastern Europe in 2007.
ATMs often run operating systems such as Microsoft's Windows CE and are vulnerable to attacks executed remotely and by people who break into the machines to install malware. Both kinds of attacks were demonstrated by security researcher Barnaby Jack at the Black Hat conference in Las Vegas in July.
European banks haven't seen a new kind of attack called "shimming." This attack involved inserting an extremely thin plastic circuit board into a point-of-sale device or ATM. It then can record data either on the card itself or transmit the data using a wireless transmitter. Due to the design of ATM machines in Europe, "we don't think shimming is an ATM threat," said Lachlan Gunn, EAST's coordinator.
Overall, European banks have seen a record number of skimming attacks this year, but losses actually fell, according to figures released by EAST last month. Skimming losses amounted to €143.5 million (US$202.1 million) for the first half of this year, down 7 percent from the €154.1 million reported in the last half of 2009. The decline was attributed to the widespread deployment in Europe of chip-and-PIN (Personal Identification Number) cards or EMV (Europay, MasterCard, Visa) cards.
An ATM that is EMV-compliant checks the card's PIN via the microchip in order to let a transaction proceed. Cloned cards that do not have the microchip usually will not work.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!