Many people have been try hacking their way to getting other people’s money. While most hackers prefer to do it by stealing your information online through unsecured VPN-less channel, ATM skimming still have not lost its ‘charm,’ like the one fraud experts found in Mexico.
The recently found ATM-skimming device is quite unusual as it sits between the ATM chip reader and chip on your card while mimicking the way the ATM recording your data. It becomes more dangerous as the only hackers need to get your data is inserting this shimmering device into the ATM card slot, without even accessing the ATM internals or your VPN-secured channel. After that, they can read your data directly from the card.
The Shimmer: It is Worse than Any Security Threat You May Have Encountered with Your VPN
As you can see from the image above, there are two main components of this shimmer. First, the upper black part provides power for this device. At the right side of the simmer, you can also see eight gold rectangular leads. These are probably the most important part of the device, as the hackers use them to read data from your card.
It did not take long for local fraud experts to find this device, as people keep complaining about getting unusual financial activities at local VPN-secured security forum. Finding the breached ATMs was not difficult, but there is still one big question. Why should the thieves target ATMs that require card holder to quickly remove the card after inserting it? Moreover, we still do not have information on whether the thieves connect the device with PIN pad overlay or hidden camera to help steal the PINs.
So, how does the shimmer actually look? Take a look at the following image.
There is a reason you cannot see the golden leads. The thieves have them covered under the chip reader to make you believe the shimmer is part of the ATM, lowering your awareness on your card security. You probably will not realize until you lose something.
So, what should I do? Well, most ATM cards today come with both magnetic stripe and security chip to provide advanced security. One of these additional security features is the iCVV (integrated Circuit Card Verification Value). Unlike the CVV (Card Verification Value), iCVV prevents anyone from copying cardholder’s data from the card chip. It also allows your bank to check, through its own VPN-secured channel, whether someone used your data to create a fake card. However, there are some cases that even iCVV become less effective. While banks are strongly recommended to perform these card checking regularly and precisely, some banks just leave their ATMs run without regular maintenance for quite a long time, giving the thieves more than enough time to find out which ATMs will accept the fake magnetic stripe card, use your data to make a fake card, and steal your money.