IDG News Service - Banks in Europe are seeing innovative skimming attacks against ATMs, where fraudsters rig special devices to the cash machines to record payment card details.
Many banks have fitted ATMs with devices that are designed to thwart criminals from attaching skimmers to the machines. But it now appears in some areas that those devices are being successfully removed and then modified for skimming, according to the latest report from the European ATM Security Team (EAST), which collects data on ATM fraud throughout Europe.
Skimming devices are designed to record the account details from the magnetic stripe on the back of a payment card. The data can then be encoded onto a dummy card. A person's PIN (personal identification number) is often captured with a micro-camera, which was done with the illicitly modified anti-skimming devices, according to the report.
Banks in five countries also reported seeing a new type of skimming device, which uses a modified MP3 player to record card details. It also has a micro-camera to record PINs, according to a photo seen by IDG News Service.
EAST doesn't reveal which banks noticed the fraud or the country in which it occurred. EAST only notes whether the attack occurred in a country that is a "major deployer" of ATMs -- where there are more than 40,000 machines in the country. Those countries include France, Germany, Spain, Russia and the U.K.
Installing malicious software on an ATM is a more sophisticated way to execute fraud. One country of the five major deployers saw this style of attack, which was first seen in Eastern Europe in 2007.
ATMs often run operating systems such as Microsoft's Windows CE and are vulnerable to attacks executed remotely and by people who break into the machines to install malware. Both kinds of attacks were demonstrated by security researcher Barnaby Jack at the Black Hat conference in Las Vegas in July.
European banks haven't seen a new kind of attack called "shimming." This attack involved inserting an extremely thin plastic circuit board into a point-of-sale device or ATM. It then can record data either on the card itself or transmit the data using a wireless transmitter. Due to the design of ATM machines in Europe, "we don't think shimming is an ATM threat," said Lachlan Gunn, EAST's coordinator.
Overall, European banks have seen a record number of skimming attacks this year, but losses actually fell, according to figures released by EAST last month. Skimming losses amounted to €143.5 million (US$202.1 million) for the first half of this year, down 7 percent from the €154.1 million reported in the last half of 2009. The decline was attributed to the widespread deployment in Europe of chip-and-PIN (Personal Identification Number) cards or EMV (Europay, MasterCard, Visa) cards.
An ATM that is EMV-compliant checks the card's PIN via the microchip in order to let a transaction proceed. Cloned cards that do not have the microchip usually will not work.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts