back to article Teensy card skimmers found in gullets of ATMs

A series of tiny and sometimes transparent card-skimming devices have been detected in ATMs across Europe, researchers say. Boffins with the European ATM Security Team (EAST) have plucked out and displayed some clever thumb-sized skimmers that hide from victims' view by fitting in cash terminals' gullets. The devices paraded …

  1. Roger Stenning
    Flame

    It might actually help...

    ...if they post those photos on publicly viewable, rather than subscription-only, sites: Prevention is better than cure, and it'd be useful for us unwashed masses to know just WTF we're looking for, when trying to prevent ourselves from being fleeced by these feckless buggers, after all.

    1. Anonymous Coward
      Anonymous Coward

      Re: It might actually help...

      ...if they post those photos on publicly viewable, rather than subscription-only, sites

      Although I agree with your point in principle, the devices are actually designed to be near invisible - I reckon it'll be nigh impossible to detect. I wonder how they detected these things (and I suspect they won't tell us to avoid helping the criminals improving the devices).

    2. 's water music

      Re: It might actually help...

      Not sure if the article was updated after your post, but the Krebson link in the article shows what you (and I) were after.

      1. Roger Stenning
        Thumb Up

        Re: It might actually help...

        No, I'd not clocked that, thanks.

  2. This post has been deleted by its author

  3. A Twig

    *dum de dum de da*

    "reported one style of skimmer that used audio waves to transmit captured card details"

    What does it do, wait until you've walked away and then start singing your card details to anyone passing by?

    Oh wait, on re-reading, it needs decoding apparently, so maybe it just nonchalantly whistles the details in Morse code when it detects no-one is nearby?

    All joking aside I'm actually quite intrigued! How does this work?

    1. Ian 62

      Re: *dum de dum de da*

      [citation needed]

      I'd imagine/assume it works on the same principle as the Cineworld quiz app and those damn furby-ipad app combinations, lets the kids chat to the furby via an iPad app.

      They encode a high frequency audio that you can't 'hear', but must annoy the hell out of dogs. So its just broadcast out of a mini speaker and picked up by the microphone. The fury iPad combination was particularly painful for me at least. No one else in the house could hear it, and I only stopped twitching once the furby was 'humanely' put down.

    2. BristolBachelor Gold badge
      Joke

      Re: *dum de dum de da*

      It goes:

      BZZZZZZZZZT B'dong B'dong Shhhhhhhhhhhhhhhhh

      I know the sound well because I still have to rely on it sometimes :( The internet at 9600 or 2400 baud is not fun anymore

  4. Marvin O'Gravel Balloon Face

    Pin hole cameras.

    Always a good idea to hide your pin, even if there's nobody in the queue behind you.

  5. Anonymous Coward
    Anonymous Coward

    Time for change

    Long prison sentences instead of a slap on the wrist will reduce cybercrime. You can never remove all the scum from society but you can remove a lot of it for a long, long time.

  6. Hellcat

    So what are we meant to do?

    Attempt to pull apart every ATM we use?

    Given the number of different designs we encounter, it's hardly surprising we don't notice something unusual. How difficult would it be to have a single plain design, so any 'addition' would stand out like a sore thumb?

    Perhaps having the pin entry on a touch screen, with the number positions randomised? Then there would be no 'false keypads' and no 'warmth spotting'.

  7. Hellcat

    Since the unencrypted magnetic stripe is the biggest vunerability, why aren't ATMs transitioning to being (or at least supporting) chip&pin or even contactless? Wouldn't that at least make it harder to skim people's details.

    As one commentator on the Krebson page put it - you don't need to outrun the bear, you only need to run faster than the other campers.

    1. Dale 3

      Wipe the magstripe

      Krebson says that most European cash machines are only accepting chip & PIN, and banks issue cards with magstripes for compatibility with the rest of the world (mainly USA it would seem).

      Maybe banks should start issuing cards without magstripes, for use at home and in Europe, with an option to order a duplicate with a magstripe if you want to travel beyond.

      In the mean time, as long as you're sure that cash machines don't need the magstripe, you could just wave your bank card over the back of a speaker magnet so it wipes the magstripe content.

    2. F0rdPrefect

      Contactless? No thanks!

      "or even contactless"

      From things read here and elsewhere contactless is even less secure than mag stripe.

      And it is limited to £15 for a reason, so that you can't be robbed of £250 or £500 at a time by a walkby scan.

      1. Hellcat

        Re: Contactless? No thanks!

        The limit is due to it being a single factor authentication... and wireless even if only almost in contact with the reader. I would suggest adding PIN for taking out larger amounts, and I expect with the contactless being encrypted it is more secure than the mag strip. Reading elsewhere it seems 1st gen (over 5 years old now) contactless were not encrypted, or not to the same level as today.

        I've not seen anything to say if the cash machines in the UK are magstrip or chip&pin once it disapears inside the machine. Perhaps it's time for an experiment?

        1. F0rdPrefect

          Re: Contactless? No thanks!

          "I've not seen anything to say if the cash machines in the UK are magstrip or chip&pin once it disapears inside the machine. Perhaps it's time for an experiment?"

          UK machines are hybrids, as I think are the rest of Europe.

          If you insert a chip & pin card, they use that technology, but they have had to retain mag-stripe because of American cards.

          I think that is what I read on The Beeb website the other day.

  8. Lee D Silver badge

    Sod all the other security measures.

    Just send me a text when a transaction occurs on my account. I'll be able to tell you IN SECONDS that it's fraudulent.

    Like my Italian girlfriend's entire family and friends have whenever they have a transaction occur. Her dad was worried because when buying something for us in B&Q once, his phone beeped twice while we were still at the checkout and he was able to tell the girl (via a translator) that she'd double-charged him for the goods. It was THAT quick, even internationally.

    Prevention might be better than the cure, but we clearly can't prevent and a rapid diagnosis will catch more than sheer ignorance ever would.

    Anyone know a SINGLE UK bank that offers this? They can have my current account in a heartbeat.

    1. cbars Silver badge

      r.e. Teensy card skimmers found in gullets of ATMs

      Great idea. Just [proprietory search engine]ed "bank text transaction", you're correct that none of the UK banks offer this service. However it looks like Lloyds do a free text alert for transactions made abroad; HSBC do a weekly statement (though if you've more transactions than 160 characters you won't see them.... which isn't too much help with all this bonking nonsense).

      I'm looking into, upvote for you, cheers :)

      Edit:

      HSBC will send you alerts when "a lump sum has been withdrawn from your account (minimum £25)"

    2. Bonce

      Santander offer text and/or email alerts for transactions that meet whatever criteria you specify. I get alerted while I'm still standing at the cashpoint but sometimes it takes a few minutes for the message to come through.

  9. jb99

    "unregistered prepaid cards"

    I didn't know such things existed. Might be useful for general privacy?

    Where can I get such a thing?

    1. MachDiamond Silver badge

      Re: "unregistered prepaid cards"

      It would be handy to get an unregistered PP card when traveling to Europe from the US that uses a C&P system. Just something that will work for walking around money.

  10. Anonymous Coward
    Anonymous Coward

    Re. devices

    Another popular method is to use pulsed infrared from what I have heard, and a telescopic lens on the receive end.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like