Many of us can remember a time when everyday electronics and technology—from computers to cell phones to TVs—required more space to house their inner workings. Much of our technology has been continuously shrinking over the years, and fraud technology is no exception. Case in point: A recent article posted on security blogger Brian Kreb's website discussed how European ATM card skimmers are getting smaller and more difficult to detect.
The organization EAST, or European ATM Security Team, recently released a report revealing a diminutive ATM skimming device that, according to American Banker, is “so small it’s easy for the human eye to miss.” This thin or mini skimmer is designed to fit inside the card slot of an ATM machine, as opposed to a more typical skimmer that would fit over the card slot. As with their larger brethren, thin skimmers require the use of a miniature camera to capture the cardholder's PIN entry.
Thin ATM skimmer insert (left) and mini camera installed over PIN pad (right) Source: KrebsonSecurity
While Europe has become an early target for the use of thin skimming devices, the greatest risk for fraudulent payment card losses may very well be in the United States and other countries that have not yet transitioned their card infrastructure to EMV compliance. That’s because it’s much easier to encode stolen data onto magnetic stripe cards than on the chip-and-PIN cards used in Europe and elsewhere. And eventually, ATMs outside Europe could fall prey to thin ATM skimming devices, amplifying the problem even further.
Of course, a smaller device is not the first skimming innovation from card fraudsters. These days, a number of ATM skimmers are manufactured with a translucent plastic that enables the card-reading devices to evade visual detection. Many skimmers today also employ mobile technology so that fraudsters don’t need to retrieve skimming devices at the ATM, thus helping them avoid arrest.
Technology advances aside, we can’t prevent the deployment of ATM skimmers. We can, however, fall back on best practices with a proven track record for reducing risk exposure. Some are as basic as frequent physical security inspections, 24/7 video surveillance, participation in FICO’s counterfeit ATM fraud detection service, and employment of an analytics- and rules-based fraud detection solution. While the technology criminals employ may be shrinking, our commitment to fundamental anti-fraud practices should not follow suit.