Think you’re too observant to have your card skimmed?

Think again.  A few days ago I tweeted a news story about how Australia is seen as a soft target for ATM card skimming gangs.  A few hours later a friend responded with an article from Lifehacker with tips on spotting ATMs that have been tampered with.  Unfortunately, it was accompanied by a picture of a very old-school and deceptive skimmer.  Ones of this size and bulk haven’t been used for many years and really do not suit the ATM at all.

If you follow the link at that Lifehacker article it takes you to a VERY good PDF document which demonstrates just how hard it is to spot modern skimming devices.  Most people wouldn’t do this though and just assume skimmers are still big bulky things as shown at the Lifehacker site.  A few more examples of current skimmers and a discussion about skimming after the break.

[Images: ATM Skimmer 1, ATM Skimmer 2, ATM Skimmer 3, ATM Skimmer 3 on ATM]

The ones shown above are absolutely tiny.  They’d fit in quite well with most ATMs we have in Sydney.  Added to this is the condition most of our ATMs are in.  Twelve months ago some new ATMs were installed at Macquarie Centre and they were the first ATMs I had seen in 10 years where all the pieces seemed to go together quite well.  Usually the ones I am forced to use have doors that are askew, readers that are sticking back or jutting out, keypads that are uneven, etc., and these are untampered machines!

If legitimate working machines are in such a sorry state, how are we expected to spot tampered ones?  If you regularly had no choice but to use machines in this kind of condition, do you honestly think you would have any hope of telling the difference between poor maintenance and a skimmer?

Over the last day or two of talking about this on Twitter, I’ve seen numerous people say to just use EFTPOS machines and get extra cash out when shopping.  Unfortunately this doesn’t make you immune either.  It was announced yesterday that 3500 cards have been skimmed on EFTPOS machines in McDonald’s restaurants in Western Australia, with some $2.5 million lost.


Skimming has been in the news a lot in the last year, but this is mostly because Australia has come to be seen as a soft target.  Many gangs from Romania and other countries have been coming here on tourist visas or even obtaining citizenship to make easy money.  Our high limits, lack of security and weak punishments for first offenders make this country a goldmine.

A number of years ago Europe enforced the chip and PIN security system as opposed to the magnetic swipe system we are all used to.  It is at a point now where you cannot use a European card in Europe via the old swipe method – the magnetic “swipe” reader is only there for non-European cards.

One might well think (well, my tin foil hat and I thought so for a while, until recently) that chip and PIN systems can’t possibly offer any greater security as the chip still stores the same data.  The information, though, is securely encrypted throughout the whole process and has yet to be cracked despite people’s best efforts.  These systems have been designed from the card to the back end to be much, much better.  It is still not possible to duplicate a chip despite the fact they’ve been around for 8+ years now.  Now that’s impressive.

Here in Australia, the chip and PIN system is only just getting rolled out despite the fact many EFTPOS machines have had the functionality for years (the chip reader is that slot at the front; with ATMs it’s impossible to tell whether they are chip enabled).  In fact I only used one for the first time three weeks ago.  So far it has only been in Woolies where it detected I had a chip-enabled card and insisted I use that instead of swiping.  Everywhere else, even if they have dual readers, I still get to choose (and out of habit I swipe).

Chip readers need to be rolled out completely and, more importantly, enabled en masse as they have been in Europe and at Woolworths/Safeway.  That is the best way to curb the skimming rates in this country.  The shoddy maintenance of ATMs and the ever-shrinking size of skimmers have made it near impossible to protect yourself from them visually.

My advice?  If you have a debit/credit card that doesn’t have a chip, contact your bank and get it swapped over ASAP.  Try to use ATMs you’re familiar with, or EFTPOS with a working chip reader.  Learn to enter your PIN on all devices with your fingers closely covered so even you have to do it by feel rather than sight.  Police are also recommending you regularly change your PIN, but in the real world who actually does this?

Until chip and PIN is enforced as in Europe though, I honestly don’t think there is any sure-fire way to be safe.


One thought on “Think you’re too observant to have your card skimmed?”

  1. Raising awareness about this issue is also something that I’ve been trying to do at my blog (http://www.contactless.wordpress.com), although it’s been mainly in the area of how to keep one’s identity safe from unauthorised access by criminals, as we ‘roll-out’ contactless RFID payment solutions. Maybe it’s not a widespread issue at this point in time, although I’m of a view that RFID enabled hotel door-entry access passes, could be targeted in the months to come, as elsewhere this technology has been ‘hacked’, ‘skimmed’ or ‘cloned’ by unscrupulous individuals.

    There are also some relevant (PDF download) case studies at http://www.trackandshield.wordpress.com which I’m sure you’d be welcome to draw attention to, or even paste into your blog with permission from the authors.

    Hope this is of relevance to you, and once again thanks for raising awareness about personal safety; it’s a really important issue.
