Cyber criminals are adopting even more creative and sophisticated methods to collect user’s personal information, of course banking data is very attractive for hackers that could decide to directly use it for cyber frauds, resell it on the black market or for a successive cyber attacks.
Today we will discuss new methods used to capture intercept PINs at ATMs:
“It just blows you away how sophisticated these folks are in thinking this stuff up,” says Bryan Sartin, director of the team at Verizon Communications that investigates data breaches.
The US Intelligence estimated annual losses from ATM skimming at more than $1 billion in 2008.
In the past cyber criminals used phony number pads and skimmers to steal debit card PIN data, but it is too risky due to the necessity to deploy the sniffing equipment and then come back to remove it avoiding surveillance.
For this reason cyber criminals have developed a smart scheme to steal user’s PINs directly from ATMs and gas pumps, the hackers exploit banks wireless Internet connections used by financial institution to monitor ATM cash flow and update software.
“Regulators at the Federal Financial Institutions Examination Council warned in April that the ATMs of small and midsize banks are preferred targets for criminals who hack bank Web pages to boost ATM withdrawal limits and then clean out people’s accounts.” reports Bloomberg Businessweek.
Criminals are able to catch PINs remotely, according to a Verizon report, another common tactic consists to get jobs with technical-support companies that give them access to ATMs, then installing malicious code that can steal and transmit PIN data back to the attackers via e-mail address or through a phone line.
Remote hacking of Web-connected ATMs is a serious problem, an event that is happening with increasing frequency, in March, the FBI has identified 17 people involved in a card fraud stretched from Bulgaria to Chicago.
The technology is fueling the cyber criminal ecosystem memory chips and transmitters that enable PIN hacking thin and light enough to be easily hidden in ATM installed by banks.
How to preserve users from increasing criminal activities?
First of all it is necessary to deploy a new generation of credit/debit cards to substitute antiquated magnetic-stripe cards, very easy to skim. The USA is strangely backward in terms of security and data breaches like the one suffered by Target retailer are the consequence.
(Security Affairs – ATMs,cybercrime)