Skimming is a type of fraud that occurs when a criminal places a device over an existing card reader to record the PIN or card data, which is then transferred to another card to make fraudulent purchases. These illegal devices are often undetectable and can be installed on ATMs, point-of-sale (POS) terminals, or fuel pumps.
Earlier this week, we became aware of a “deep insert” skimmer found at an ATM terminal. These ultra-thin devices are inserted into the terminal’s card reader and paired with pinhole cameras that are disguised and made to look like they are part of the terminal. These devices are thin enough to allow a card to be inserted over it without initiating anti-skimming software or interrupting the terminal’s ability to grab and return the plastic to the cardholder.
This type of skimmer is not looking for chip data. It attempts to capture the track data on the magnetic stripe that is still included on both contact and contactless plastics. Once this track data is captured, fraudulent plastics are created, and card numbers are coordinated with the keystrokes captured via the camera to determine the corresponding PIN associated with the card. Since the magnetic stripe indicates there should be a chip read on the plastic, these transactions are shifted to fallback allowing the fraudsters then use these fraudulent cards at ATM terminals to perform balance inquiries and then withdrawals until funds are exhausted.
Below are some actions you can take to prevent and share information about skimming:
- Regularly monitor your ATMs. Owners should physically monitor ATM terminals for any changes to signage or other design features on the front of the terminal. Great efforts are often taken to replace signage with very strong adhesives to mask the pinhole cameras. Reviews should look for anything loose, crooked, damaged, scratched, or anything unusual or out of place. Taking photos of the front of the terminal for comparison is a great way to ensure no modifications have been made.
- Check for keypad overlays. In some instances, overlays are placed on keypads. While monitoring devices, don’t forget to pull at the edges of the keypad to ensure it is original to the terminal.
- Install anti-skimming software. Many ATM terminal vendors offer card readers that detect tampering that can be used in conjunction with anti-skimming software. Please contact Synergent or your cards vendor to learn more about these options.
- Implement contactless card capabilities on ATM terminals to avoid the need for cardholders with contactless plastics to insert their plastic into a card reader.
- Set custom rules. Card issuers should contact their fraud analyst to discuss custom rules surrounding fallback ATM terminal transactions.
- Educate cardholders. Inform them of best practices when using an ATM terminal to help them better protect their personal information. They can choose to use a gas pump closest to the store to reduce the risk of a skimmer or may opt to pay inside. At any POS terminal, they can run their debit card as credit. And always, cover the keypad with your hand when entering a PIN.
- Report skimming. Report any suspected skimming incidents at your credit unions to law enforcement, your local credit union league, and Synergent to help keep credit unions and their members informed.
Synergent’s fraud prevention experts are here to help. Contact us today with your questions.