UpGuard Blog

ATM Skimming and The Future of External Threats

Written by UpGuard | Jun 13, 2016 5:09:53 PM

A routine fill-up at the local gas station or ATM withdrawal might cost you dearly these days. With the recent surge in ATM and gas pump skimming attacks, you certainly wouldn't be alone—in fact, the odds are one in three that you'll fall victim to identity theft once your financial data is swiped. Is there any hope in an increasingly hostile landscape rife with external threats?

Known generally as "skimming," this attack method involves the installation of a physical device to steal credit card infomation from unwitting ATM users or gas station customers. Despite being around for some time now, the technology has experienced a bit of a renaissance lately, as marked by the surge in skimming incidents in 2016. This can be attributed to a couple factors—a form factor reduction of skimming devices down to a diminuitive thumb drive size, as well as a closing window of opportunity: ATMs and gas stations have until October 2017 to update their card readers with new fraud-reducing EMV technologies.

So until then, it's high season for data skimming criminals. Vigilant ATM users and gas station customers should be on the lookout for suspicious looking devices when swiping/inserting their credit cards into public readers.

An ATM skimmer in action. Source: Pcmag.com.

The above is a photo of a real-life skimmer installed on an ATM. Ill-fitting attachments or misaligned parts (note the partial covering of the insert arrows) are tell-tale signs of a hijacked machine. However, even the most careful of users may still eventually fall victim—not to skimming, but shimming:  malicious readers inserted directly into the ATM’s card acceptance slot. Shimming devices are invisible to ATM users because they sit between the card's chip and the ATM's chip reader, inside the machine.

Proper Measures for Combating Future Threats
Cyber attackers are increasingly adept at jumping across physical-digital barriers into privileged networks—these types of attacks make credit card skimming/shimming seem like child's play. The infamous Target data breach was of course carried out using PoS-scraping malware; ATM malware is currently the scourge of Windows-based ATMs across the world, capable of stealing data from inserted cards and even forcing machines to dispense cash.

Malware and skimmers/shimmers aside, human error remains an integral trigger for cyber attacks. Consumers need to maintain a vigilant, watchful eye over where they put their data; similarly, organizations are on the hook for keeping their systems free from vulnerabilities and security gaps. This is precisely what UpGuard provides: continuous security monitoring to keep your infrastructure's security inline with the expectations of your customers and end users. Sign up for a demo today to learn more.