BankInfoSecurity.com - Information Security News, Regulations, & Education

Just Released: Our Online Webinar Catalog

Bank Information Security Articles

ATM Skimming: 8 Tips to Fight Fraud

Credit
EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

Banking Institutions Must Take Preventive Measures

March 8, 2010 - Linda McGlasson, Managing Editor

Save

Digg

Delicious

Please login or register to save this article.

Comment on this article

Despite the recent bust of an alleged skimming ring, ATM fraud is on the rise and shows no sign of abating.

But one industry expert has a list of incident response tips for financial institutions that want to fight back against ATM skimming attacks.

Mike Urban, Senior Director of Fraud Solutions at FICO (Fair Isaac Corporation, the provider of credit scoring), says all types of ATMs - and even pay-at-the-pump gasoline stations - are under attack by tech-savvy fraudsters.

"As I have seen, [fraudsters] pretty much go after anyone; it's not one manufacturer or one model," Urban says.

Several skimmers have been found at gas stations around the country in the last month, and these are where the criminals are placing readers to capture the PIN and the card number before the PIN is encrypted. "I predict we're going to see more of those," he says. "They are targeting the weakness of the mag stripe, and that will be something we have to live with until a better solution is developed."

The Skimming Trends
The current trend began slowly, says Urban. Several years ago, the targets were primarily off-premise ATMs. Criminals could buy ATMs, place skimming devices in them and collect card and pin information. But when changes such as the encrypting PIN pad and other advancements in technology changed how PINs were protected, criminals began focusing on financial institutions' ATMs.

Recent arrests show the criminals perpetrating these crimes are from Eastern Europe. "A lot of the techniques and a lot of the technology they are placing on the ATMs are coming from Eastern Europe," Urban says. "Those criminals have been targeting financial institution ATMs for years, primarily because those are the kinds that are deployed -- there aren't as many stand-alone ATMs in Europe."

Click to Get Updates on the Latest Information Security News

Company*

Title*

Email*

Subscription Type:

Healthcare Enews

General Healthcare Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Government Enews

General Government Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Banking Enews

General Banking Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Credit Union Enews

General Credit Union Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Need Help?

Criminals placing skimming devices will target an attack for a day, a weekend, or a short period of time. They usually go to other ATMs of the same model/make to attack, that fit the look of the skimming device. They are much more sophisticated than previous skimming devices, he explains. "They also use the same paint coatings, so they are getting access to that information somewhere -- those compounds that generally aren't available at a local hardware store. You can't go in and order ATM gun metal grey paint. There is a real industry around the creation of these ATM skimming devices."

Urban says he's seen the Internet forums that offer the specially made devices. "I've seen examples of the IRC chat rooms where these devices are offered for sale. They usually are offered at about $2000 apiece, and they are very sophisticated, much more like a part of the ATM than ever before."

The Challenge for Banking Institutions
Many financial institutions don't invest in real-time fraud monitoring of PIN-based transactions, Urban says, because traditionally risk has been lower. His advice: Institutions need to take a hard look at where they're going to spend monitoring money. "By now I mean getting ahead of the curve before the fraud starts to happen, and get PIN-based card transaction monitoring in place."

In terms of thwarting attacks, Diebold's "jitter" technology has been effective, Urban says. With this approach, the card is drawn back and forth as it is pulled into the ATM reader. "It is best out there now, because it breaks up the card going in and out of the machine," Urban says. "Even if a skimmer was placed on the outside, they would only get parts of the stripe, not all of it at same time -- they would only get pieces of it as it goes forward and backward."

But even this technology advancement won't stop a determined criminal. It is a cat and mouse game, and from what Urban sees with increased skimming in the UK and Canada, "We're going to see significant increases in skimming."

1 | 2

View On 1 Page

Next Related Article:

10 Tips to Thwart Skimming

What do you do to discourage ATM skimming?

Here's your chance to be a part of the dialogue and engage with your peers! Just enter your comment to the right, click submit to send it to our Editor. All entries are posted anonymously.

Please login if you would like to post a comment on this question.

Topics of Interest

ACH

BankInfoSecurity.com Week in Review: Aug. 20, 2010
BankInfoSecurity.com Week in Review: Aug. 27, 2010

Guidance

OTS Update: Risk Management of Remote Deposit Capture guidance
Corporate Governance and Oversight by the Board of Directors

Messaging

Protecting Enterprise Data with Proofpoint Encryption
How to Identify Phishing Attacks, Email-Borne Threats, & Spam

IT Audit

Five Ways to Reduce Your IT Audit Tax
Real-Time Compliance Monitoring

FHFA

FHFA: Issues Subpoenas for PLS Documents

FFIEC

ID Theft Red Flags Examinations: What to Expect?
BankInfoSecurity.Com Week in Review: May 1, 2010

Latest Tweets & Mentions

Recent Content
Most Popular

1Heartland, Discover Settle at $5 Million
2How to Protect Consumers from ID Theft
3The Mobile Mandate
4Church Latest Victim of ACH Fraud
5Video: Why Cyber Challenge is Needed
6FDIC: 829 Troubled Banks
7ID Theft: Courts Cracking Down
810 Tips to Thwart Skimming
9Skimming: Old Crime, New Tools
10Key Elements of Risk Management

1Failed Banks and Credit Unions, 2010
22010 Data Breach Timeline
3Pay-At-The-Pump Skimming on the Rise
4Account Takeover: The New Wrinkle
5Tapping the Power of Social Media
6ATM Skimming: How Effective is Jitter?
741 Banking Breaches So far in 2010
8New Fraud Spree Investigated
9Social Media Policy - The 6 Essentials
10FDIC: Top 5 Fraud Threats

BankInfoSecurity.com Research

Podcast:Mortgage Fraud: Compliance to be a Challenge
Webinar:Incident Response: How to React to Payment Card Fraud
Handbook:2010 Webinar Catalog
White Paper:Understanding Man-in-the-Browser Attacks and Addressing the Problem
Regulation:FHFA: Issues Subpoenas for PLS Documents

Recent Blog Entries

Be Mindful of Insider Fraud Against Seniors

California's Financial Abuse Reporting Act, SB 1018, which r…

Read The Agency Insider by Linda McGlasson

Vendor Solutions

Actimize

Solutions For:

Anti-Money Laundering, Authentication, Fraud Detection
RSA, The Security Division of EMC

Solutions For:

Encryption and Key Management, Fraud Detection, Identification and Authentication

Marketplace

Information Security Media Group - Family of Websites

Banking

BankInfoSecurity.com
Careers
Blogs

Credit Unions

CUInfoSecurity.com
Careers
Blogs

Government

GovInfoSecurity.com
Careers
Blogs

Healthcare

HealthcareInfoSecurity.com
Careers
Blogs

About Us
Contact Us
Site Map
Terms of Service
Advertise
RSS

BankInfoSecurity NewsGet the RSS Feed
Agency ReleasesGet the RSS Feed
Latest ArticlesGet the RSS Feed
WebinarsGet the RSS Feed
BankInfoSecurity.com BlogGet the RSS Feed

Home
Training
Resources
Content Library
- Agency Releases
- Articles
- Handbooks
- Podcasts
- Surveys
- Webinars | Calendar
- White Papers
Careers
Blog

Advanced Search

Browse Topics

Agencies

Federal Deposit Insurance Corp
Federal Reserve Board
Federal Trade Commission
FFIEC
FHFA
FinCEN
Government Accountability Office
National Credit Union Admin.
NIST
Office Comptroller of Currency
Office of Thrift Supervision

Anti-Money Laundering

Banking Today

Confidence In Banking

Business Continuity & Disaster Recovery

Pandemic Preparation

Compliance

Bank Secrecy Act
Basel II
CA Bill 1386
E-SIGN Act
FACTA
Gramm-Leach-Bliley Act
Guidance
Identity Theft Red Flags Rule
NCUA Part 748
Patriot Act
PCI DSS
Sarbanes-Oxley Act

Emerging Technology

Application Security
Authentication
Cloud Computing
Data Loss
Encryption
GRC
ID Access & Management
Messaging
Mobile Banking
Network/Perimeter
Remote Capture
SIM/SEM
Social Media
Storage
Web Security

Fraud

ACH
ATM
Check
Debit, Credit, Prepaid Cards
First Party
Insider
Mortgage
Payments
Wire

Governance & Standards

BITS
Cobit
COSO
FFIEC Handbook
ISO
ITGI
ITIL
PCAOB

Identity Theft

Pharming
Phishing
Skimming

Leadership & Management

Physical Security

Biometrics

Risk Management

HR
Incident Response
Information Security Compliance
Insider Threat
IT Audit
Privacy
Risk Assessment
Social Engineering
Vendor Management

Training & Education

FHFA: Issues Subpoenas for PLS Documents..Next Topic
The Electronic Funds Transfer (EFT) Act - Regulation E..Next Topic
The Electronic Funds Transfer (EFT) Act - Regulation E..Next Topic
FFIEC Issues 2009 Mortgage Fraud White Paper:The Detection and Deterrence of Mortgage..Next Topic
DoJ: Report to Congress on Implementation of Section 1001 of the USA PATRIOT Act..Next Topic
FDIC: Fraudulent Work-at-Home Funds Transfer Agent Schemes..Next Topic
Joint Statement by Education Secretary Duncan, Homeland Security Secretary Napolitano and..Next Topic
Obama's Cyberspace Policy Review: Assuring a Trusted and Resilient Information and..Next Topic
Obama's Cyberspace Policy Review: Assuring a Trusted and Resilient Information and..Next Topic
NIST: PIV Card Application and Middleware Interface Test Guidelines, SP800-85A-1..Next Topic

A-
A
A+