Chip-and-PIN technology has recently started to be adopted in the US because it would improve security for customers, merchants and financial institutions. This is true, but the problem is that when the market pushes in one direction, in this case the adoption of chip-and-PIN technology, crooks look for ways to compromise it.
A new “shimmer” was found in Mexico. The name refers to a shim that sits between the chip on the user’s card and the chip reader in the ATM, making it possible to record the data from the card while the ATM is reading it.
This new “shimmer” was exposed by Brian Krebs on his blog. The popular expert explains that no special access is required to add the hack component to the ATM, because the component is added from outside.
The component was found inside a Diebold Opteva 520 with a dip reader (a dip reader is a type of card reader that requires you to insert your card and remove it quickly).
These “traps” are starting to increase in number, and that means that the crooks need physical access to the ATM.
The new generation of traps comes equipped with a GSM module to send encrypted card data back to the crooks, and spy cameras are also installed above the ATM keyboards, and of course a fake numerical keyboard installed by the criminals.
Other new ways of exploiting chip-and-PIN technology that are being used by crooks consist of:
The findings of Krebs’s report demonstrate that it is wrong to assume that you are safe just because you use chip-and-PIN technology.
In addition, banks need to take a more aggressive posture when dealing with card fraud and keep in mind that crooks are always working to take advantage of a new technology.
About the Author Elsio Pinto
(Security Affairs – card fraud, Chip-and-PIN technology)