Criminals attack ATMs on two fronts. One thief sees a big box of money, another sees financial data. In this second post, I will be looking at skimming and its countermeasures.
ATM fraud is often conducted right under your nose. The most basic fraud is trapping, an old method revived in recent years as a response to increased security measures. One version, the 'Mousetrap', sees a fake front placed over the cash dispenser to trap withdrawls. The 'Lebanese Loop' uses a device with a small piece of wire or film placed over the card slot to keep the card from being withdrawn. The PIN is observed by a camera and as the victim goes into the bank to report the problem, the thief steals the real card for later use. More sophisticated is 'Skimming'. Here, the criminal places a magnetic stripe reader over the card slot to record the card's data, again using a camera for the PIN. A clone of the card can then be made for cash withdrawls and shopping sprees.
So what security features are being implemented to counter this problem?
The most visible counter-measure is EMV, also known as Chip and Pin. This card system verifies payments with an integrated chip, considerably more secure than the magnetic stripe. The system has been rolled out across the EU, Canada, Mexico and many others. This doesn't include the USA, where the cost of overhauling payment systems is estimated at $10 billion. Cards needing to be international, all EMV cards still carry the magnetic strip. Card data stolen in EMV countries is simply sent to a country without the technology.
The other option is to upgrade ATMs themselves. Technology for fingerprint verified transactions exists today, but banks don't have the money to replace their machines and cards due to the poor economy. The only viable option is to use retrofitted kits such as TMD Security's Card Protection Kit (CPK). The CPK is compatible with all makes and models and cannot be seen from the outside of an ATM. It creates an electromagnetic field over the card slot, disabling skimmers while allowing transactions to continue. It can detect when materials such as plastic, iron, paper or wood have been placed onto the machine, or when it is being tampered with by a drill or other tools. It even has an anti trapping function where the machine will keep the card on predefined conditions. CPK has been installed in 100,000 machines worldwide including all of Norway, where trapping and skimming is now non-existant.
Next installment in ATM Security: Malware
Sources:
http://www.tmdsecurity.com/Products?
http://www.atmmarketplace.com/whitepapers/1793/Anti-skimming-Technology-and-EMV-for-the-ATM
http://www.alderleyedge.com/news/article/4170/cash-machine-fraud-hits-alderley
Wikipedia: ATM, Lebanese Loop, EMV
No comments:
Post a Comment