Home
Insightful &
Helpful Articles

Here is what we're working on and
thinking at Hedgehog security.

Recent news stories originating in America have revealed that criminals have made a generational leap in the sophistication of card skimmers in used on public cash dispensers (ATMs). Card skimmers read the information from the magnetic stripe on the card which carries most of the same data found on the encrypted chip embedded in the card, and are usually accompanied by a camera mounted discreetly somewhere with a view of the keypad to capture the user's PIN.
(You can see American TV station KFOR's original report here.)
Previously, card skimmers were usually fairly obvious to even the casual observer if they knew the evidence to look for, with signs that the machine facia has been tampered with and a device attached over the face of the slot. The problem became such an issue that ATM manufacturers have been retrofitting even old dispensers with physical protections (such as extending the slot out of the machine, and surrounding the slot with a clear brightly lit facia) to make tampering and modification less feasible. The new generation of skimmers, however are nearly impossible to spot, having been designed to fit *inside* the card slot with very little visible evidence, and made with much greater sophistication than previous generations.
The issue is of greater concern in the US where daily withdrawal limits tend to be higher and the uptake of chip-and-PIN security has been slow, and even ATMs still rely on the magnetic stripe for account information when issuing cash. Nevertheless, even in parts of the world like the UK where chip-and-PIN is prevalent skimmers are still a problem, with criminals instead using the information for other, less direct, forms of fraud (such as Internet purchasing, and identity confirmation) and the information is electronic so can be used anywhere in the world (such as the US where a cloned magnetic strip and a PIN is all that is required to gain access to cash).
Although there is not much the average person can do to stop magstripe details being captured in these circumstances, the fact remains that the criminals are ultimately after one thing. At least by shielding your PIN from view simple cloning for cash ceases to be an option.