Would you notice this?
There are countless news stories about credit card numbers being stolen by hackers, and people having thousands of dollars of fraudulent charges levied against their accounts. Target is paying out $10 million to compensate for a data breach in their system, however everyone from Sony to multiple financial institutions has been attacked recently.
Unbeknownst to many, there is another way that criminals are able to get hold of credit and debit card info that many of us would never notice – skimmers and keypad overlays.
A skimmer is a device that fits over the card slot on an ATM or gas pump or other device, and when you slide your card into the slot, you slide it into the skimmer as well as the ATM slot itself. You’ll still get your money, but the criminals will get your information and you’ll never know it happened, at least until you get robbed. Keypad overlays are the same, except they sit over the keypad of a machine and when you enter your PIN, it’s recorded on the overlay as well as in the ATM. Again, you’ll still get your money, but you’ll also have unknowingly given your information to some unscrupulous people.
Is there a way to avoid this, to tell if there’s a skimmer/overlay on your machine? Honestly, they are pretty clever in their design – if only these people used their talents for good. Anyway, while they clip right on and fit pretty snugly, to the point where you wouldn’t notice if you weren’t paying attention, there are some tells. For one thing, they don’t fit *exactly* right. Is there a raised side to the slot, or does something seem loose? Does the keypad rock back and forth slightly? If you give it a good once over, you may very well see if the machine has been compromised.
There is a technology known as chip-and-PIN in which a chip is embedded in the card itself, and a machine with the appropriate technology can match the PIN or the information on the magnetic strip with the chip in the card itself, and if the two don’t match the transaction is denied. Europe has used these for years and years, and France dropped credit-card fraud by 80 percent thanks to these cards. However in the U.S. adoption is slow, although we are starting to see more adoption of the technology.
Over on the Krebs on Security website there is a very informative series on exactly how they work and what you can look for. I would encourage everyone to take a look because it is not something that only happens here and there or that is too complicated for most people to do. It really happens and it could, possibly, happen to you if you’re not careful.
The following images are lifted directly from the Krebs on Security post to give you an idea of how easy it is to do, and what to look for, although as I said earlier I would definitely read the whole series of posts on his site and be educated. In fact, when it comes to information security, his site is a very good, very comprehensive discussion of the security risks that affect all of us. It’s worth stopping in every once in a while to see what’s going on in that arena.
You can see above how legitimate a skimmer looks, and how snugly and firmly it can fit over a card reader. Below are examples of skimmers that fit over slots, and entire machine fronts.
Below is a keypad PIN-Capture overlay that will record your PIN as you enter it. Note that it will still register on the machine itself so your transaction will complete, and you won’t know that your PIN has been taken:
Be careful, keep an eye out, and give any machine you use a quick once over. A little vigilance for this kind of thing can go a long way and save you a lot of heartache.