What is a skimmer?
A Skimmer is a small electronic device used to steal credit or debit card information in a legitimate transaction.
You may have heard about card skimming in restaurants. Typically a victim’s card is taken out sight where it is scanned by a skimmer. Call centres and gas stations are also other areas where skimming could happen easily.
In this blog article we will be going over a few skimming scenarios that have been highlighted by Krebs on Security recently. Krebs has an amazing blog series on many common skimmers that is worth a read.
Our goal here is to educate our merchants and their customers on common skimming tactics so that credit card fraud can be detected and avoided.
Krebs highlights this skimmer from 2009 that was attached to the front of a Citibank ATM in California and asks if we would be able to see the device.
Most people probably would have never noticed this skimmer. We are constantly on the go and wouldn’t even notice or think about looking at the device that is taking their credit card information. This is why it is our responsibility as merchants to routinely monitor devices as much as we possibly can.
This device is quite sophisticated, it snaps on top of the ATM’s card reader and looks like part of the actual ATM. It even has a pinhole camera that is designed to capture the card victim’s PIN number as they enter it.
Skimmers like these can be homemade or bought online from criminal forums. Some are so sophisticated that they can send the victim’s card data by SMS message to a thief’s mobile number.
This skimmer is very sophisticated and is for Verifone POS. It’s an easily installed overlay that is highly unnoticeable. Recently some fraudsters installed this system at a Nordstrom department store while the employee who operates the register was distracted. Nordstrom later discovered the skimming device on their POS.
As a merchant or a customer, would you have spotted that one?
Krebs’ blog has identified many interesting skimmers. This one however is probably the most interesting of them all. Credit & Debit card thieves went through the trouble of creating a completely fake ATM that stacks right on top of a legitimate ATM. IT was discovered in November 2013, when a customer at the Bank of Brazil tried using his ATM but was denied. The customer called the cops with suspicion and the police removed the skimmer from the machine. See what it looks like below:
The skimmer was made from a disassembled laptop and skimmer pieces.
Something that gives away these skimmers are spelling mistakes similar to the ones you would see in a phishing email or fraudulent popup window from a website.
Customers: Remember to take notice to the machine you are using every time you use a credit or debit card, especially when traveling.
Merchants: Pay attention to your hardware, regulate it for fraudulent technology and make your greatest effort to abide by PCI compliance standards. This will save you tons of money and can prevent you from loss of reputation.