95830
  • Posted by: admin
  • London , UK
  • On Oct. 18, 2018, 11:30 p.m.
Card skimming is defined as ‘the unauthorized capture of magnetic stripe information by modifying the hardware or software of a payment device, or through the use of a separate card reader’.
The card details and PIN are captured at the ATM and used to produce counterfeit cards for subsequent fraudulent cash withdrawals. The customer sees a normal transaction and retains the card. Multiple cards are compromised in one attack at one ATM.

Skimming is often accompanied with the covert capture of customer PIN data.
  • Hidden pin-hole cameras
  • Fake PIN Pads
Skimming started to gain momentum as a method of undermining plastic card-based systems in the mid to late 1980s.

Motivation

  • Low Cost/High Reward Crime
  • Low Risk of Detection & Weak Sentences
  • Availability of Devices & Methods
  • Constantly evolving in line with new technology developments: Communications, Storage

Skimming – Categories


Digital 1st Gen
  • The original skimming technique
  • Card data is stored on memory of the electronic circuit
  • Downloaded to a PC from digital skimming device via software
  • Highest data quality for the criminals/ but devices expensive
Analogue 2nd Gen
  • Increasingly common globally
  • MP3 or MP4 player used to record card data signal during transaction
  • Jamming signals from ASDs have to be filtered out
  • ‘Off-the-shelf’ software program used to decode the card data in clear
Stereo 3rd Gen
  • Two read heads: One reads jamming signal and card data signal; Other reads just jamming signal
  • Jamming signal is filtered out and card data signal accessed
  • Card data signal converted back into digital or analogue format
  • ‘Off the shelf’ software program used to retrieve card data in clear

Skimming – Recommendations


Invisible
  • Devices that prevent skimming (invisible)
  • Foreign object detection
  • effective in identifying, jamming or disturbing skimming devices when attached to the ATM.
  • Skimmer Jamming Signals
  • Other devices (i.e. jitter) – can only prevent digital skimming
  • Service Interface Protection
Visible
  • Prevent or hamper attachment or physical functionality of Skimmers
  • Protrusion devices
  • Card reader bezel design (the design of the entrance of the card reader to prevent attachments of skimming devices and /or make such devices obvious to the user (often over-ruled)
  • PIN Shields (shield the PIN from interception (some variants have been over-ruled)
Issuing
  • Monitor routine patterns of withdrawals and notify operators or financial institutions in the event of suspicious activity.
  • Alert systems: Alert customers of every transaction (or within a threshold or rule set) e.g. SMS messages
  • Issue Chip-Only cards
  • Regional card blocking (geo-blocking)
  • Make this customer configurable to reduce your overhead
For more information on Skimming and how to ensure your protection strategy is efective please contact us

Current rating: 5