August 26, 2015
A majority of financial institutions and merchants in the US have started using chip-and-PIN technology in the belief that it offers a high level of security for everyone, including their customers. However, a recent investigation by Damage Control S.A. in Mexico has called into question the security of chip-and-PIN technology in card readers.
A new type of data skimmer was found in a Diebold Opteva 520 with a dip reader. A dip reader is the slot you see in ATMs where you have to insert the card and remove it quickly. This new type of skimmer came to be known as a shimmer, since the device acts as a shim between the card reader of the ATM and the chip on the ATM card. The shimmer alone doesn't complete the trap. It also requires a GSM module that sends the encrypted data back to the hackers, and spy cameras installed above the ATM's keyboard.
A shimmer that is fitted above the card reader from the outside
To enable this hack, crooks have to physically visit the ATM location and insert the device into the ATM, which takes minimal effort. This fraudulent activity by the crooks in Mexico was recorded via Crimedex, which is a service of video intelligence firm 3VR.
As reported in a blog by Security Affairs, other ways to hack the chip-and-PIN technology include:
- Use of SMS or text messages from ATMs using malicious code
- Use of an electronics soldering tool and a phone SIM card instead of card chips in restaurants
With the adoption of every new technology, there are people in the industry who are ready to hack it. Banks, merchants and financial institutions need to keep an eye on fraud happening around the globe to ensure the safety of their customers.