Periscope ATM skimmers are undetectable from the outside

Shawn Knight

Shawn Knight

Posts: 15,285   +192
Staff member

The recent discovery of a new type of ATM card skimmer reportedly has the Secret Service on high alert.

According to Krebs on Security, the agency is alerting banks and ATM owners about an advanced skimming technique known as periscope skimming. The device, which consists of two components, is installed inside of an ATM through a top hatch accessible with a key, thus making it impossible to detect from the outside.

A financial crimes task force in Connecticut believes this is the first time periscope skimmers have been found in the US. Their report references two periscope skimmers uncovered thus far in the US, one last month in Greenwich, Connecticut, and another earlier this month in Pennsylvania.

Krebs notes that the Connecticut task force didn’t find any hidden cameras or other method of capturing PINs which suggests these are early prototypes designed to help improve future versions. At some point, however, those installing periscope skimmers will want to somehow capture PINs so they can later drain bank accounts.

The devices that have been found could remain inside an ATM for up to 14 days before running out of power from their battery. In that amount of time and given the skimmer’s storage capacity, it could record as many as 32,000 card numbers.

Krebs recommends ATM users shield the keypad when they enter their PIN as to prevent a visual device like a camera from seeing the numbers entered. They also recommend sticking to ATMs that are installed in the wall at a bank and to never use a machine that’s in a secluded spot, especially at night.

Permalink to story.

https://www.techspot.com/news/66329-periscope-atm-skimmers-undetectable-outside.html

 
It's a simple solution. Hold the banks responsible. So many of them now farm out the ATM's to sub-contractors like Diebold and those companies require the customer to submit a "claim" which they can easily deny. The banks then say "not our fault". Make the banks directly responsible and you'll put a stop to the problem quickly since they certainly don't like having to be liable and pay for their sins. Since the technicians that take care of the ATM's must be bonded and insured, the bank will have recourse against those sub-contractors, which will cause them to do their jobs. With all those high ATM fee's, both companies can afford and should be forced to pay.

Problem solved! At least for the consumer ...... LOL
 
  • Like
Reactions: p51d007
Uncle Al said:
It's a simple solution. Hold the banks responsible. So many of them now farm out the ATM's to sub-contractors like Diebold and those companies require the customer to submit a "claim" which they can easily deny. The banks then say "not our fault". Make the banks directly responsible and you'll put a stop to the problem quickly since they certainly don't like having to be liable and pay for their sins. Since the technicians that take care of the ATM's must be bonded and insured, the bank will have recourse against those sub-contractors, which will cause them to do their jobs. With all those high ATM fee's, both companies can afford and should be forced to pay.

Problem solved! At least for the consumer ...... LOL
Click to expand...
I'm not so sure, Banks usually pay out if any account has been hijacked and stolen, since it is easier to pay you off instead of spending more money investigating.
 
Joray K Joseph said:
Uncle Al said:
It's a simple solution. Hold the banks responsible. So many of them now farm out the ATM's to sub-contractors like Diebold and those companies require the customer to submit a "claim" which they can easily deny. The banks then say "not our fault". Make the banks directly responsible and you'll put a stop to the problem quickly since they certainly don't like having to be liable and pay for their sins. Since the technicians that take care of the ATM's must be bonded and insured, the bank will have recourse against those sub-contractors, which will cause them to do their jobs. With all those high ATM fee's, both companies can afford and should be forced to pay.

Problem solved! At least for the consumer ...... LOL
Click to expand...
I'm not so sure, Banks usually pay out if any account has been hijacked and stolen, since it is easier to pay you off instead of spending more money investigating.
Click to expand...

Which explains why most of the crooks are never caught and exploits like this are never addressed. I LOL'd heartily at the claims of "improved security" with the chip cards. The chips are designed to be easily copied and have ALL your data embedded in them. Only the encryption protects them and that will be penetrated soon enough. They also have no added defense against skimmers.
 
Why haven't they started using touchscreens for the keypad with a random keypad generator combined with a screen that can only be seen from a very narrow field of view.

This would eliminate:
1. Camera's watching the keys you press.
2. A replacement of the physical keypad
3. People peering around you to see which keys you press
 
I only use the ATM from my bank(s), Within the last 2 years, they installed metal shields over the keypads, to help keep the skimmers at bay by not allowing anyone to see your PIN.
 
Wait so if they had physical access to the inside of the machine and no one saw them do it, why didn't they just remove the cash and skip the middleman?
 
Requiring a user-entered token number sent to your phone, or from an SSA 'dongle' is a solution. Trying to safeguard your money by what is effectively no more than not letting anyone see where you've put it is not.
 
I've always hid my PIN since I first opened a bank account as a young adult.. privacy/security is extremely important.

I also stopped using ATMs many years ago and just pay via credit, seeing as lots of banks charge you for debit transactions and non-bank-specific ATM withdrawals. As an added benefit, I don't put in a PIN when paying either.

The US is finally changing to chip based cards though and my new card is set to have one.. so here we go with yet another security issue. At least they're not the RFID ones.. well, the ones I've seen anyway.
 
You must log in or register to reply here.

Similar threads

D
Samsung's 200MP periscope telephoto camera expected to bring whopping 200x digital zoom...
Replies
14
Views
444
PurpaFur
PurpaFur
midian182
Beware: Fake LastPass app sneaks onto Apple's App Store
Replies
3
Views
234
m4a4
m4a4
midian182
Google awarded $10 million in bug bounties last year, the second highest in the program's...
Replies
2
Views
139
toooooot
T

Latest posts

Back