Advertisement
MODs please see this information notice in the mod's forum. Thanks!
Boards Golf Society are looking for new members for 2022...read about the society and their planned outings here!
How to add spoiler tags, edit posts, add images etc. How to - a user's guide to the new version of Boards

Skimmer for New AIB ATM caught in the wild!!!!

Comments



  • I was skimmed and had money withdrawn from my current account on Friday via an international point of sale. Contacted AIB Saturday, they cancelled the card, new card on the way, and the money is covered pending the approval of the AIB farud team. It was a laser/atm card.

    I'm guessing they harvested a few 100 cards then waited until the 1st Friday of the month when most people get paid to steal the money.

    Shocked when it happens to you kind of thing.

    While it is likely that I was caught by the method pictured, I can't rule out for sure that it didn't happen abroad or online. Maybe the AIB crew will shed some light on this.

    Will be more careful as I enter my pin from now on




  • Where is the camera located with that skimmer?

    Would I be correct in saying that a copy of the data on the magnetic strip is useless without the pin code?




  • oeb wrote: »
    Where is the camera located with that skimmer?

    Would I be correct in saying that a copy of the data on the magnetic strip is useless without the pin code?


    Camera is separate device to the skimmer.

    They are not hard to make. You just take a mould and a few phone calls later you have a template for a skimmer.

    There is nothing magical about a card reader.

    Though AIB did make a good effort, the only way to really make it more difficult would be to have randomly different shaped fascia plates. Meaning you'd have to target individual atms.




  • It would be possible to build some form of oscillating magnetic field (wire + AC) into the fascia which disrupts the electronics of any device attached over it. Obvious problem here is that valid electronics in the fascia would need to be shielded, and the scammers could equally shield their own electronics.

    A move away from the strip is the most effective thing here, take the strip off the card and move all ATMs to chip & pin. Legislate for it - give all retailers and banks 2 years to change their system from dependence on the strip. If someone needs a strip (e.g. to go to a foreign country), then they can apply for such a card from the bank.




  • seamus wrote: »
    It would be possible to build some form of oscillating magnetic field (wire + AC) into the fascia which disrupts the electronics of any device attached over it. Obvious problem here is that valid electronics in the fascia would need to be shielded, and the scammers could equally shield their own electronics.

    A move away from the strip is the most effective thing here, take the strip off the card and move all ATMs to chip & pin. Legislate for it - give all retailers and banks 2 years to change their system from dependence on the strip. If someone needs a strip (e.g. to go to a foreign country), then they can apply for such a card from the bank.

    I think some new sort of simple security built into ATMs might help (correct me if very naive!) - the same as on internet banking. Why not randomly question people taking out money - e.g. the machine might ask what their date of birth is, mother's first name, please enter the amount of your last withdrawal, that sort of thing? Most scammers would have no idea of this info, and the fact that it would be random each time means any potential camera would have no/less chance of picking up the answer from the last time when the customer was scammed in the first place.

    Nice pic - do you work in law enforcement?


  • Advertisement


  • seamus wrote: »
    A move away from the strip is the most effective thing here, take the strip off the card and move all ATMs to chip & pin. Legislate for it - give all retailers and banks 2 years to change their system from dependence on the strip. If someone needs a strip (e.g. to go to a foreign country), then they can apply for such a card from the bank.


    on a side note chip and pin is also broken.




  • Indeed chip & PIN is nowhere near the be-all and end-all but magnetic strips at this stage are just barely a step above the old imprinting machines and they should have been eliminated years ago.




  • Smaller, fit into the card slot not over. Pics in link.

    http://krebsonsecurity.com/2014/07/the-rise-of-thin-mini-and-insert-skimmers/




  • Magnetic stripes are needed for backwards compatability for card use in third world countries like the US. They are also essential for fast, small value transactions - eg motorway tolls.

    Very few toll booths in Europe take contactless cards, and where they do the transaction has to be authorized - even if it is only a few Euro, and intra-country authorizations in Europe are still slow. In practice one does not need to keep a barrier closed until the authorization has been received - because license plates are photographed at toll booths, and in the event of an authorization coming back with a stolen card code, the driver could be picked up by police at a downstream toll booth.

    The other issue about contactless is that it only works with debit cards, and debit card processing fees are extremely high in Ireland. This leaves the toll booth operator with the choice of accepting credit cards which have no contactless feature and using the magnetic stripe instead. Or taking debit cards and adding about 30c to the toll to cover the exhorbitant bank charge.

    The magnetic stripe on French debit cards seems to be unreadable by skimmers - eg some retail chains, eg Woodies - while they use the chip to process the payment, the sales assistant is "programmed" to swipe the magnetic stripe into anohter reader. Presumably they are (illegally in my view) using the payment card as a "loyalty card" to track customers repeat shopping patterns etc - a mini in-house NSA. The "loyalty card" functionality doesn't work with a French payment card.




  • Use your phones Magnetometer for NFC. Coming soon.
    In its current form, Pulse can only send about 40 bits per second, and only when the transmitter and receiver are within two centimeters of one another. Compared to NFC, which can work within 20 centimeters or more if you have specialized hardware, it’s not hard to see why this communications protocol could be considered superior when trying to send secure credentials wirelessly.


  • Advertisement


  • As a matter of interest, why does the card need to be inserted into the machine in the first place? Could the chip enabled cards not be read wirelessly?




  • hmmm wrote: »
    As a matter of interest, why does the card need to be inserted into the machine in the first place? Could the chip enabled cards not be read wirelessly?

    Perhaps one is expecting too much to assume that the RFID traffic is encrypted?

    If it isn't encrypted, it opens up a new fraud platform where card details are easily wirelessly stolen at point of sale terminals - even if the card itself is being used for a normal EMV transaction with PIN etc.




  • Though AIB did make a good effort, the only way to really make it more difficult would be to have randomly different shaped fascia plates. Meaning you'd have to target individual atms.
    if the fascia plates are random then how would you recognise a fake one ?




    if you were to remove the mag stripe from your card what would stop working here ?




  • if you were to remove the mag stripe from your card what would stop working here ?

    I assume the motorway toll payment wouldn't work. There is no PIN at motorway toll booths.

    It would stop certain chain stores from processing your card - those who like to skim your card number etc from the mag stripe (in addition to using the chip to take the money in EMV mode). Perhaps the bots behind the counter would refuse to take your money?

    It would certainly be a bigger hindrance when travelling. Some banks have recently started issuing EMV cards in the US - but I have not heard reports of US retailers spending money on the card processing kit so far. Maybe some US banks are sick of receiving complaints from cardholders that their Visa or MasterCard etc are fairly useless in Europe, and decided to fix the card for people who travel a lot first?




  • rolion wrote: »

    It seems to me that the protruding card reading device in the AIB machines is a poor design. If the card slot was flush with the wall of the machine, in all cases, people would be more likely to be suspicious about "add-ons" when they present their card to the device.

    Also it would be better of the machines were kept spotlessly clean. That would help make "imperfections" like card skimmers more obvious - especially if the machine itself had a clean, well designed appearance.




  • Impetus wrote: »
    Also it would be better of the machines were kept spotlessly clean. That would help make "imperfections" like card skimmers more obvious - especially if the machine itself had a clean, well designed appearance.
    I would have thought the opposite. The reason I'm pretty confident with the ATM near me is fine is that I know the pattern of the worn and dirty bits around the card slot and keypad. If it was spotless, it'd be harder to spot a replacement.


Advertisement