Article

What every deployer needs to know about deep insert ATM skimming

In a Thursday webinar, security specialists will share updated information about this undetectable skimming technique — and discuss how deployers can guard against it.

October 3, 2016 by Suzanne Cluckey — Owner, Suzanne Cluckey Communications

As fraudsters step up their skimming attacks in a last hurrah before nationwide EMV implementation at U.S. ATMs — a move that is expected to curtail card counterfeiting, but take years to complete — deployers worldwide are at increased risk of being targeted for the latest criminal threat, deep insert skimming, and suffering its devastating results.

What makes this new data-skimming technique most troubling is that the device, which is placed well inside the card reader, is all but undetectable ... until the fraud losses start rolling in.

In a free, one-hour webinar on Thursday, TMD Security experts Claire Shufflebotham, global security director, and Tom Moore, managing director for North America, will share updated information on the growing problem of deep insert skimming.

Additionally, the webinar will offer information on how to protect ATMs from the deep insert device, which cannot be detected or disrupted by traditional anti-skimming solutions.

In a press release, TMD explained what makes deep insert skimming an unprecedented threat:

Deep insert skimming devices, also known as 'card reader internal skimming devices,' are placed deep inside the ATM or SST card reader.
They capture data stored on the magnetic stripe and remain inside the card reader, out of sight, for weeks, capturing the data from thousands of cards. Anti-skimming solutions that use jamming technology and detection cannot protect against deep insert skimmers.

A security update circulated in May by NCR Corp. offered a look at the extent and seriousness of the problem:

To date there have been confirmed reports of attacks on all ATM manufacturers in Greece, Ireland, Italy, Switzerland, Sweden, Bulgaria, Turkey, United Kingdom and the USA. This suggests that 'Deep Insert Skimming' is becoming more viable for criminals as a tactic to avoid bezel mounted anti-skimming defenses.
Multiple variants of form factor of 'Deep Insert Skimmers' have now been observed in ATMs with both motorized and DIP card readers.

Those "multiple variants" are getting smaller and more sophisticated, as well, according to reporting by security blogger Brian Krebs. Initially the devices were as wide as the card slot itself; the latest versions are no wider than the magnetic stripe on the ATM user's card.

Until EMV is fully implemented worldwide, skimming will continue to be a major industry concern, and deep insert skimming will be a real and present danger.

"Deep insert skimming is the biggest skimming threat facing the global ATM industry because deployers are not prepared," Moore said. "Current anti-skimming solutions are not designed to protect against deep insert skimming. All ATMs are exposed to this new type of attack."

Register for the live webinar, "Deep insert skimming: Breaking news on attacks and defenses."

Skimming / Fraud SecurityTMD Security Netherlands B.V.

About Suzanne Cluckey

Suzanne’s editorial career has spanned three decades and encompassed all B2B and B2C communications formats. Her award-winning work has appeared in trade and consumer media in the United States and internationally.