Periscope ATM skimmers are undetectable from the outside

By Shawn Knight ยท 8 replies
Sep 14, 2016
Post New Reply
  1. The recent discovery of a new type of ATM card skimmer reportedly has the Secret Service on high alert.

    According to Krebs on Security, the agency is alerting banks and ATM owners about an advanced skimming technique known as periscope skimming. The device, which consists of two components, is installed inside of an ATM through a top hatch accessible with a key, thus making it impossible to detect from the outside.

    A financial crimes task force in Connecticut believes this is the first time periscope skimmers have been found in the US. Their report references two periscope skimmers uncovered thus far in the US, one last month in Greenwich, Connecticut, and another earlier this month in Pennsylvania.

    Krebs notes that the Connecticut task force didn’t find any hidden cameras or other method of capturing PINs which suggests these are early prototypes designed to help improve future versions. At some point, however, those installing periscope skimmers will want to somehow capture PINs so they can later drain bank accounts.

    The devices that have been found could remain inside an ATM for up to 14 days before running out of power from their battery. In that amount of time and given the skimmer’s storage capacity, it could record as many as 32,000 card numbers.

    Krebs recommends ATM users shield the keypad when they enter their PIN as to prevent a visual device like a camera from seeing the numbers entered. They also recommend sticking to ATMs that are installed in the wall at a bank and to never use a machine that’s in a secluded spot, especially at night.

    Permalink to story.

  2. Uncle Al

    Uncle Al TS Evangelist Posts: 3,346   +1,987

    It's a simple solution. Hold the banks responsible. So many of them now farm out the ATM's to sub-contractors like Diebold and those companies require the customer to submit a "claim" which they can easily deny. The banks then say "not our fault". Make the banks directly responsible and you'll put a stop to the problem quickly since they certainly don't like having to be liable and pay for their sins. Since the technicians that take care of the ATM's must be bonded and insured, the bank will have recourse against those sub-contractors, which will cause them to do their jobs. With all those high ATM fee's, both companies can afford and should be forced to pay.

    Problem solved! At least for the consumer ...... LOL
    p51d007 likes this.
  3. Joray K Joseph

    Joray K Joseph TS Rookie

    I'm not so sure, Banks usually pay out if any account has been hijacked and stolen, since it is easier to pay you off instead of spending more money investigating.
  4. psycros

    psycros TS Evangelist Posts: 1,872   +1,291

    Which explains why most of the crooks are never caught and exploits like this are never addressed. I LOL'd heartily at the claims of "improved security" with the chip cards. The chips are designed to be easily copied and have ALL your data embedded in them. Only the encryption protects them and that will be penetrated soon enough. They also have no added defense against skimmers.
  5. dylannnnnn

    dylannnnnn TS Rookie Posts: 18   +13

    Why haven't they started using touchscreens for the keypad with a random keypad generator combined with a screen that can only be seen from a very narrow field of view.

    This would eliminate:
    1. Camera's watching the keys you press.
    2. A replacement of the physical keypad
    3. People peering around you to see which keys you press
  6. p51d007

    p51d007 TS Evangelist Posts: 1,310   +651

    I only use the ATM from my bank(s), Within the last 2 years, they installed metal shields over the keypads, to help keep the skimmers at bay by not allowing anyone to see your PIN.
  7. lipe123

    lipe123 TS Evangelist Posts: 718   +236

    Wait so if they had physical access to the inside of the machine and no one saw them do it, why didn't they just remove the cash and skip the middleman?
  8. ChrisH1

    ChrisH1 TS Booster Posts: 68   +46

    Requiring a user-entered token number sent to your phone, or from an SSA 'dongle' is a solution. Trying to safeguard your money by what is effectively no more than not letting anyone see where you've put it is not.
  9. DAOWAce

    DAOWAce TS Booster Posts: 268   +39

    I've always hid my PIN since I first opened a bank account as a young adult.. privacy/security is extremely important.

    I also stopped using ATMs many years ago and just pay via credit, seeing as lots of banks charge you for debit transactions and non-bank-specific ATM withdrawals. As an added benefit, I don't put in a PIN when paying either.

    The US is finally changing to chip based cards though and my new card is set to have one.. so here we go with yet another security issue. At least they're not the RFID ones.. well, the ones I've seen anyway.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...