What ATM Skimmers Look Like

KrebsOnSecurity has a fascinating look at ATM skimmers. After approaching a Russian skimmer “salesperson,” Brian Krebs asked about the latest and greatest in skimmer technology. His recommendation? A GSM-based SMS transfer system that blows out the contents of your card’s magnetic stripe whenever you swipe it. Because it’s inexpensive to build and install, you can even leave it if the feds find out because all the data is safe on your home servers. Get a pre-paid SIM card to grab the SMSes and you’re set! Instant Christmas miracle.

Here’s his GSM-based skimmer sales pitch:

So we potentially have already about 20k dollars. Also imagine that if was not GSM sending SMS and to receive tracks it would be necessary to take the equipment from ATM, and during this moment, at 15:00 there comes police and takes off the equipment.
And what now? All operation and your money f#@!&$ up? It would be shame!! Yes? And with GSM the equipment we have the following: Even if there comes police and takes off the equipment, tracks are already on your computer. That means they are already yours, and also mean this potential 20k can be cash out asap. In that case you lose only the equipment, but the earned tracks already sent. Otherwise without dumps transfer – you lose equipment, and tracks, and money.

That’s not all: There is one more important part. We had few times that the police has seen the device, and does not take it off, black jeeps stays and observe, and being replaced by each hour. But the equipment still not removed. They believe that our man will come for it. And our observers see this circus, and together with it holders go as usual, and tracks come with PINs as usual.

Another benefit of the GSM system? You reduce employee theft.

“Consider this scenario: You have employed people who will install the equipment. For you it is important that they do not steal tracks. In the case of skimmer equipment that does not transfer dumps, the worker has full control over receiving of tracks.

Call me paranoid, but I physically pull and push the skimmers on all ATMS I use. It’s not worth the risk.

via BoingBoing