Just this morning, I discovered that several hundred dollars had been withdrawn from my bank account. The withdrawals were made from a Canadian ATM, and as far as I know, I've never been to Canada. I had become a victim of the ATM skimming scam - or, in my case, an in-store eftpos machine skimming scam. The bank is reimbursing my losses, but I have to go three days without an eftpos card while I wait for a new one.
I should've taken some advice from David Daw's article in PCWorld (US). Here it is so you don't make the same mistakes I did! Take particular note of the pinhole camera section - that's the tech scammers in New Zealand have been known to use.
- Siobhan Keogh, NZ PC World
The growing threat of ATM skimmer scams
Skimmers could steal your financial information at the ATM, or even at your local supermarket; we tell you how to protect yourself.
You may already know that it’s important to protect your financial information when you shop online. But a high-tech threat can steal your ATM or credit card information when you’re out shopping around town. Scammers can steal your card data without your even noticing, and the technology behind the scams is getting more and more sophisticated.
Credit card 'skimming' has become increasingly common in the past few years. Authorities recently uncovered a large, well-run operation where scammers attached their devices to the self-checkout machines at 24 Lucky Supermarkets outlets in Northern California. The scam affected hundreds of customers who used the self-checkout machines last October and November and had their account information stolen.
Skimmers clearly are a serious security threat. But how do these devices work, and how can you protect yourself?
How skimmers operate Credit card skimmers are essentially devices that thieves place over the actual card readers on ATMs and credit card terminals to collect financial information for fraudulent use. As a card passes through it, the skimmer reads the card’s magnetic strip, collecting its information. Beyond that basic design, though, a surprising amount of variation exists in the hardware and methodology used in these scams.
The hardware itself can range from small, cheap skimmers that are fairly easy to spot to elaborate 3D-printed rigs that are almost indistinguishable from an actual ATM.
Skimmers also vary widely in how they collect information. Just picking up the card number isn’t enough, so most skimmers have some way to capture and store the PIN and the security code (typically a three-digit number on the back of a card). Some skimmers place a false keypad atop the actual keypad that registers the user’s PIN, but newer devices employ harder-to-detect pinhole cameras mounted above the keypad to collect images of the person entering the PIN.
Some skimming devices store the stolen information locally and are physically picked up by criminals, but more and more devices transmit the data to their operators. And while some skimmers connect to a phone line, skimmers that send information wirelessly are becoming more common. Some will even send data to the scammer’s cell phone via Bluetooth.
Safeguards you can take With all these tools at criminals’ disposal, it may seem impossible to protect yourself from a skimming operation. Fortunately, you can take a few simple steps to avoid becoming a victim. The first and most obvious one is to look carefully at an ATM before you use it. Only an expert can spot the most sophisticated skimmers, but such devices are the exception, not the rule.
Be suspicious if something seems to stick out too far or doesn’t match the rest of the machine’s design. Many skimmers are fairly shoddy pieces of hardware that are weakly tacked onto the card reader. Kevin Haley, director of Symantec’s security technology and response team, says to get physical if necessary. “I wouldn’t hesitate to pull on something if it looks like it doesn’t belong,” he said. Before inserting or swiping your card, give the reader a good tug, or jostle your card in the slot to see if anything is loosely attached.
Pinhole cameras can be almost impossible to detect, but they are fairly easy to thwart. The next time you enter your PIN, just use your free hand to block the view of your keypad entry.
Beware of stand-alone ATMs Other warning signs may not involve the device itself. Beth Givens, the director of the Privacy Rights Clearinghouse, recommends looking out for anybody hanging around an ATM - some skimmers need to have a person posted nearby to collect captured information. And avoid using ATMs in isolated locations that don’t seem part of a store or financial institution. Scammers may set up false ATMs on occasion.
And of course, pay close attention to your credit card bills and bank statements; fraudulent charges or unauthorised cash withdrawals are often the first indication that your account information has been stolen. If you see anything suspicious, contact your bank or financial institution as soon as possible. Keep a vigilant eye on your ATM and on your credit card bills, and even the most sophisticated credit card scam shouldn’t cause you too much grief.