According to a story on bankinfosecurity, ATM and pay at the pump terminal attacks will increase in 2017.
Localized skimming attacks, whether waged against ATMs or self-service gas pumps, continue to wreak havoc on banks and credit unions. "It's death by a thousand cuts," one executive with a leading card issuer on the West Coast tells me.
As 2016 drew to a close, we got yet another reminder of the problem when federal prosecutors announced that a Romanian man pleaded guilty to using counterfeit cards to steal $127,000 from several New York banks in 2015, according to The Associated Press. The defendant, Illie Sitariu confessed to authorities that he and an unnamed accomplice stole card data and PINs with skimming devices and pinhole cameras they had attached to various ATMs, including those owned by Capital Region, First Niagara Bank, Trustco Bank and Berkshire Bank, according to court records.
The continued rollout of EMV support at merchant Point Of Sale terminals has forced a shift in the target.
U.S. retailers are working overtime to get their EMV POS terminals up and running. Merchants that are still accepting mag-stripe cards have seen significant upticks in chargebacks for counterfeit fraud since October 2015, when the EMV fraud liability shift took effect. In 2017, those retailers want to reduce their chargebacks as much as possible.
[...] Today, ATMs and self-service gas pumps are the easiest targets because most of these terminals are still not yet accepting chip transactions. And that likely won't change until they're impacted by the fraud liability shift.
For ATMs, Visa's liability shift takes place in October 2017. (MasterCard's shift was October 2016, but MasterCard has not reported totals for ATMs that are now accepting chip transactions on its cards.) For self-serve gas pumps, the liability shift for both Visa and MasterCard is not until October 2020.
[...] And the biggest skimming worry in 2017 will be attacks like the one waged by the Romanian and his unnamed accomplice in New York.
Skimming attacks that capture magnetic-stripe details and PINs enable fraudsters to clone debit cards that can be used at ATMs for fraudulent cash withdrawals. It's not a new scheme or a complicated one; but it is a scheme that has proven effective and profitable for criminals.
(Score: 1, Informative) by Anonymous Coward on Thursday January 05 2017, @03:53PM
They are vulnerable. They are less vulnerable than a gas pump or atm because there are more people around. But think of all the times that a checkout line is closed. An experienced thief can install a skimmer in a matter of seconds so there is plenty of opportunity to install them.
Here's info on skimmers found at walmart. [krebsonsecurity.com]
(Score: 2) by DeathMonkey on Thursday January 05 2017, @07:06PM
Those Walmart skimmers appear to only work when a card is swiped. The GP says he is using a chip card so his method is more secure and not just via more eyes on the terminal.
(Score: 0) by Anonymous Coward on Thursday January 05 2017, @09:59PM
Chip without pin isn't inherently all that more secure than swiping.
Especially since most chip terminals have swipe fallback.
So all you gotta do is make your fake terminal pretend to fall back.