ATM Skimming and The Future of External Threats

Posted by UpGuard

ATM Skimming and The Future of External Threats

A routine fill-up at the local gas station or ATM withdrawal might cost you dearly these days. With the recent surge in ATM and gas pump skimming attacks, you certainly wouldn't be alone—in fact, the odds are one in three that you'll fall victim to identity theft once your financial data is swiped. Is there any hope in an increasingly hostile landscape rife with external threats?

Known generally as "skimming," this attack method involves the installation of a physical device to steal credit card infomation from unwitting ATM users or gas station customers. Despite being around for some time now, the technology has experienced a bit of a renaissance lately, as marked by the surge in skimming incidents in 2016. This can be attributed to a couple factors—a form factor reduction of skimming devices down to a diminuitive thumb drive size, as well as a closing window of opportunity: ATMs and gas stations have until October 2017 to update their card readers with new fraud-reducing EMV technologies.

monitor your configs

So until then, it's high season for data skimming criminals. Vigilant ATM users and gas station customers should be on the lookout for suspicious looking devices when swiping/inserting their credit cards into public readers.

443137-how-to-spot-and-avoid-credit-card-skimmers.jpgAn ATM skimmer in action. Source:

The above is a photo of a real-life skimmer installed on an ATM. Ill-fitting attachments or misaligned parts (note the partial covering of the insert arrows) are tell-tale signs of a hijacked machine. However, even the most careful of users may still eventually fall victim—not to skimming, but shimming:  malicious readers inserted directly into the ATM’s card acceptance slot. Shimming devices are invisible to ATM users because they sit between the card's chip and the ATM's chip reader, inside the machine.

Proper Measures for Combating Future Threats

Cyber attackers are increasingly adept at jumping across physical-digital barriers into privileged networks—these types of attacks make credit card skimming/shimming seem like child's play. The infamous Target data breach was of course carried out using PoS-scraping malware; ATM malware is currently the scourge of Windows-based ATMs across the world, capable of stealing data from inserted cards and even forcing machines to dispense cash.

Malware and skimmers/shimmers aside, human error remains an integral trigger for cyber attacks. Consumers need to maintain a vigilant, watchful eye over where they put their data; similary, organizations are on the hook for keeping their systems free from vulnerabilities and security gaps. This is precisely what UpGuard provides: continuous security monitoring to keep your infrastructure's security inline with the expectations of your customers and end users. Sign up for a demo today to learn more.

How does UpGuard help IT Security?

More Articles

The Amex Partner Data Breach and Downstream Liability

If you're one of its 140 million cardholders around the globe, American Express wants you to know that your data is safe. The data breach recently announced by the U.S.' second largest credit card network reportedly involved a partner merchant and not Amex itself.
Read Article >

The Nightmare Scenario: When Your Security Provider Becomes a Security Problem

You’ve spent months with your team designing your company’s security strategy-- you’ve demoed and chosen vendors, spent money, and assured your users that this investment will pay off by keeping their business safe.
Read Article >

Top Retailers Who Should Know Better

The following is a list of 11 online retailers who really should know better when it comes to security.
Read Article >

Topics: vulnerabilities, data breach

UpGuard Customers