Finding an ATM Skimmer

A member of SAGE-AU [1] found two ATM skimmers [2] and gave me permission to publish his description and analysis of the situation. I’ve lightly edited this from a mailing list post to a blog format with permission from the author. This Courier-Mail article refers to the skimmers in question [3].

People were wondering what gave the skimmers away, so here goes. NB: this is only about the 2 I discovered.

  1. The actual ATMs in question were the free-standing type (but even this doesn’t matter in the scheme of things because they can be on those in a bank of the things).
  2. I’d actually conducted a transaction and was waiting for my card to come out of the machine – these things looked that good. The colours matched – especially in the 3/4 or less light that you typically have on the fascias of such machines. The backing plate grey matched the ATM fascia, as did the green “bubble” where the card goes.
  3. WHAT REALLY CAUSED SUSPICION – my card was having difficulty coming out of the ATM at the end of the transaction, i.e. card coming out extra slow – then only the end couple of mm. I had to physically grab my card with fingertips to get it out and there was barely perceptible movement of the skimmer due to my fingers using the green “bubble” as a purchase point; THAT was what made me suspect. I then really had a close look and found that I could move the “bubble” with its backing plate – I pulled it off the machine and then looked at the ATM next to it and found it to look exactly the same. These things are held on by double-sided tape.
  4. Grabbed the cleaning lady wandering past, showed her the device and asked her to get security. Security and the centre operations manager subsequently showed up; while waiting for them I had to stop people from using either machine (everyone amazed at how good these things looked). Centre ops guy went and checked other machines in the centre, I left my details and they called the cops… I went straight to my credit union and reported what had happened and they cancelled my card and ordered a new one on the spot for me.
  5. Coincidentally (or not) the centre ops and security lady told me that the machines had been serviced (refilled) not too much earlier that day – i.e. I wondered if the bad guys did the “service” or were tracking Armaguard servicing types.

Quick side notes:

  1. 3 more skimmers have been found since then.
  2. Subsequently, I found out these were the type that needed to be picked up for the bad guys to retrieve the data, i.e. these weren’t the type that transmitted to someone sitting nearby via Bluetooth/wireless, i.e. in this instance I need not have cancelled my card and gotten a new one from my credit union.
    HOWEVER, it is best practice if you discover one and you’ve used that machine to immediately have your financial institution cancel your card and issue you a new one – though getting the new one can take up to a week.
  3. As I understand it, these 2 devices (i.e. others could be different) have 2 USB ports, one for the reader and the other to a pinhole camera (commercially available type removed from its original housing). The magnetic stripe data is held on the audio track associated with the video and there was an 8GB storage card to hold it all, i.e. it makes things easier for the bad guys to match PINs to card details.
  4. If you do find a skimmer DO NOT touch the insides (non-public-facing parts) of it – this is where the cops can really try to lift DNA and prints from; gathering prints from the exterior is far more fraught as everyone and their dog has probably touched the exterior of the skimmer.
  5. In the lead up to Xmas these things or similar are highly likely to become more prevalent as we all go about parting with dosh while gift shopping – SO BE AWARE AND CAREFUL.

1 comment to Finding an ATM Skimmer

  • me

    German banks no longer use the magnetic strip. I believe the first have been issuing cards entirely without it. Instead, the EMV chip you’ll find on most modern cards is (supposed to be) used. And it should not be as easy to copy.

    It does seem that as long as you do have the magnetic strip you aren’t safe – they just cannot use the fake cards in European ATMs anymore. Instead, they transmit the data to the US for example, copy it on a card and withdraw money on the less secure US ATMs.
    And if you have an EMV-only card, you might not be able to use it everywhere.

    However, I can imagine that the Eastern European gangs that are suspected to be behind this, once European banks started making the job much harder for them, are moving to other countries.

    I’m a bit surprised that the banks apparently aren’t using more complex countermeasures (well, maybe they are on newer ATMs, and just don’t tell). For example, a pinhole camera that monitors the card slot against tampering, and magnetic sensors to detect if anything was attached. It would be easy for the ATM to automatically call the police or service teams when such a manipulation was detected, and take it out of service on the next transaction.

    Of higher popularity recently apparently is the replacing of POS terminals. I.e. they go to some shop or restaurant, distract the staff, and swap the card swipers (or break into the shop at night). Then some time later probably swap them back. Apparently regular skimming dropped by 50+% the last year in Germany, except for POS skimming which increased. There was also one case where they were able to remotely manipulate the POS devices via a buffer overflow.