Thieves Rig ATMs to Steal Cards, CashThieves don't just lift victims' account information from ATMs anymore. Now they're trapping cards and hard currency with low-tech devices stuck to, and inside of, cash machines.
Some of these devices are spring-loaded, fit over ATM card-slot covers and have a thin edge that prevents cards from being ejected after use.
Despite on-screen warnings at the cash terminals, experts at the
European ATM Security Team (EAST) say many customers fail to immediately report the trrapped cards to their financial institutions. Instead, the customers just give up and walk away.
That's what the thieves are counting on. Often within 10 minutes, EAST said, the trapped cards are used to make withdrawals, check account balances and make debit purchases.
CREDIT: Dreamstime View full size imageThieves also use claw- or fork-like devices inserted into ATM cash-dispensing slots to fish bank notes directly out of the machines, skipping electronic fraud altogether. Sometimes these claws are paired with devices that keep an ATM's cash door open after a legitimate transaction.
Similar devices trap bills as the ATM dispenses them, security writer
Brian Krebs reported, leaving the legitimate customer with an account deduction but no cash in hand.
[What's the Safest 4-Digit PIN?]These mechanical variations on ATM card skimming occur mostly in western Europe. There, magnetic-strip cards have largely been eclipsed by the
more secure "chip-and-PIN" cards, which contain a computer chip that interacts with ATMs and point-of-sale machines.
With chip-and-PIN cards you need the actual card to get cash, not just the data from the magstripe and the PIN. That's forced thieves to innovate.
Overall, the rate of cash-card fraud in western Europe is much lower than it is in the United States.
European bank customers should report irregularities in cash received from ATMs and trapped cards to their financial institutions immediately.
Customers who use ATMs or debit cards anywhere are advised to cover the
PIN pad with one hand.
Orginal article: by Ben Weitzenkorn, Staff Writer, Security, TechNewsDaily November 29 2012 12:00 PM ET