The tech industry's continued effort to miniaturize as many components as possible so we can all have thinner gadgets, also means criminals have access to smaller devices. It's why the latest ATM skimmers, known as insert skimmers, can't be seen. And now they've started using infrared to wirelessly transmit the stolen card data.
Skimmers work by reading your card data as it enters an ATM. It used to be the case that the skimmer would form part of a fake fascia fitted to the ATM. However, the required electronics and batteries are small enough now that they can be slid inside the card reader completely and remain there undetected. But that only gets you the card data and not the PIN number being entered.
As Krebs on Security reports, recent ATM attacks in Oklahoma City relied on an insert skimmer (an example of which you can see above) combined with a tiny camera and data storage module fitted to the exterior of the machine. The insert skimmer included an antenna allowing it to communicate via infrared with the camera. So when a card is inserted the data is stolen and then transmitted to the camera module for storage. At the same time, the camera records the PIN being entered. And because it uses infrared and not Wi-Fi, sweeping for suspicious Wi-Fi signals around the machine won't detect anything.
- Visa Offers Restaurants $10K to Stop Accepting Cash Visa Offers Restaurants $10K to Stop Accepting Cash
By using this method, the insert skimmer can be permanently left inside the ATM and the criminal only needs to replace the camera when the battery runs low. The data stored with the camera will be timestamped, so the video of the PIN being entered can be matched to the card data because they would have been recorded within seconds of each other. The end result being all the information required by a criminal to use a stolen card.
The theft only works because both the card data and the PIN are stolen. The ATM won't look in any way suspicious, but you can stop your card details being stolen simply by covering your hand when entering your PIN. That way the camera won't be able to record the sequence and you're protected even if the ATM has been compromised.