- Posted by:
On Oct. 18, 2018, 11:30 p.m.
Card skimming is defined as ‘the unauthorized capture of magnetic stripe information by modifying the hardware or software of a payment device, or through the use of a separate card reader’.
The card details and PIN are captured at the ATM and used to produce counterfeit cards for subsequent fraudulent cash withdrawals. The customer sees a normal transaction and retains the card. Multiple cards are compromised in one attack at one ATM.
Skimming is often accompanied with the covert capture of customer PIN data.
- Hidden pin-hole cameras
- Fake PIN Pads
Skimming started to gain momentum as a method of undermining plastic card-based systems in the mid to late 1980s.
- Low Cost/High Reward Crime
- Low Risk of Detection & Weak Sentences
- Availability of Devices & Methods
- Constantly evolving in line with new technology developments: Communications, Storage
Skimming – Categories
Digital 1st Gen
Analogue 2nd Gen
- The original skimming technique
- Card data is stored on memory of the electronic circuit
- Downloaded to a PC from digital skimming device via software
- Highest data quality for the criminals/ but devices expensive
Stereo 3rd Gen
- Increasingly common globally
- MP3 or MP4 player used to record card data signal during transaction
- Jamming signals from ASDs have to be filtered out
- ‘Off-the-shelf’ software program used to decode the card data in clear
- Two read heads: One reads jamming signal and card data signal; Other reads just jamming signal
- Jamming signal is filtered out and card data signal accessed
- Card data signal converted back into digital or analogue format
- ‘Off the shelf’ software program used to retrieve card data in clear
Skimming – Recommendations
- Devices that prevent skimming (invisible)
- Foreign object detection
- effective in identifying, jamming or disturbing skimming devices when attached to the ATM.
- Skimmer Jamming Signals
- Other devices (i.e. jitter) – can only prevent digital skimming
- Service Interface Protection
- Prevent or hamper attachment or physical functionality of Skimmers
- Protrusion devices
- Card reader bezel design (the design of the entrance of the card reader to prevent attachments of skimming devices and /or make such devices obvious to the user (often over-ruled)
- PIN Shields (shield the PIN from interception (some variants have been over-ruled)
For more information on Skimming and how to ensure your protection strategy is efective please contact us
- Monitor routine patterns of withdrawals and notify operators or financial institutions in the event of suspicious activity.
- Alert systems: Alert customers of every transaction (or within a threshold or rule set) e.g. SMS messages
- Issue Chip-Only cards
- Regional card blocking (geo-blocking)
- Make this customer configurable to reduce your overhead
Share on LinkedIn
Share on Facebook