Boards.ie uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Click here to find out more x
Post Reply  
 
 
Thread Tools Search this Thread
04-02-2011, 19:03   #1
BaconZombie
Registered User
 
BaconZombie's Avatar
 
Join Date: Jan 2007
Posts: 8,593
Skimmer for New AIB ATM caught in the wild!!!!





Quote:

Skimmers for the new AIB ATM already in the wild !! - http://i.imgur.com/I38q9.jpg & http://i.imgur.com/gBhQn.jpg #ATM #AIB #Ireland
http://twitter.com/BaconZombie/status/33152852536852480
BaconZombie is offline  
Advertisement
07-02-2011, 19:19   #2
 
Join Date: Oct 2010
Posts: 281
I was skimmed and had money withdrawn from my current account on Friday via an international point of sale. Contacted AIB Saturday, they cancelled the card, new card on the way, and the money is covered pending the approval of the AIB farud team. It was a laser/atm card.

I'm guessing they harvested a few 100 cards then waited until the 1st Friday of the month when most people get paid to steal the money.

Shocked when it happens to you kind of thing.

While it is likely that I was caught by the method pictured, I can't rule out for sure that it didn't happen abroad or online. Maybe the AIB crew will shed some light on this.

Will be more careful as I enter my pin from now on
spagboll is offline  
09-02-2011, 10:59   #3
oeb
Registered User
 
Join Date: Mar 2008
Posts: 2,362
Send a message via MSN to oeb
Where is the camera located with that skimmer?

Would I be correct in saying that a copy of the data on the magnetic strip is useless without the pin code?
oeb is offline  
09-02-2011, 13:05   #4
JimmyCrackCorn
Registered User
 
Join Date: Jan 2010
Posts: 1,635
Quote:
Originally Posted by oeb View Post
Where is the camera located with that skimmer?

Would I be correct in saying that a copy of the data on the magnetic strip is useless without the pin code?

Camera is separate device to the skimmer.

They are not hard to make. You just take a mould and a few phone calls later you have a template for a skimmer.

There is nothing magical about a card reader.

Though AIB did make a good effort, the only way to really make it more difficult would be to have randomly different shaped fascia plates. Meaning you'd have to target individual atms.
JimmyCrackCorn is offline  
09-02-2011, 13:21   #5
seamus
Dental Plan!
 
seamus's Avatar
 
Join Date: Jul 2001
Posts: 60,823
Send a message via MSN to seamus
It would be possible to build some form of oscillating magnetic field (wire + AC) into the fascia which disrupts the electronics of any device attached over it. Obvious problem here is that valid electronics in the fascia would need to be shielded, and the scammers could equally shield their own electronics.

A move away from the strip is the most effective thing here, take the strip off the card and move all ATMs to chip & pin. Legislate for it - give all retailers and banks 2 years to change their system from dependence on the strip. If someone needs a strip (e.g. to go to a foreign country), then they can apply for such a card from the bank.
seamus is offline  
Advertisement
09-02-2011, 13:43   #6
 
Join Date: May 2006
Posts: 2,362
Quote:
Originally Posted by seamus View Post
It would be possible to build some form of oscillating magnetic field (wire + AC) into the fascia which disrupts the electronics of any device attached over it. Obvious problem here is that valid electronics in the fascia would need to be shielded, and the scammers could equally shield their own electronics.

A move away from the strip is the most effective thing here, take the strip off the card and move all ATMs to chip & pin. Legislate for it - give all retailers and banks 2 years to change their system from dependence on the strip. If someone needs a strip (e.g. to go to a foreign country), then they can apply for such a card from the bank.
I think some new sort of simple security built into ATMs might help (correct me if very naive!) - the same as on internet banking. Why not randomly question people taking out money - e.g. the machine might ask what their date of birth is, mother's first name, please enter the amount of your last withdrawal, that sort of thing? Most scammers would have no idea of this info, and the fact that it would be random each time means any potential camera would have no/less chance of picking up the answer from the last time when the customer was scammed in the first place.

Nice pic - do you work in law enforcement?
tommy21 is offline  
09-02-2011, 14:37   #7
JimmyCrackCorn
Registered User
 
Join Date: Jan 2010
Posts: 1,635
Quote:
Originally Posted by seamus View Post
A move away from the strip is the most effective thing here, take the strip off the card and move all ATMs to chip & pin. Legislate for it - give all retailers and banks 2 years to change their system from dependence on the strip. If someone needs a strip (e.g. to go to a foreign country), then they can apply for such a card from the bank.

on a side note chip and pin is also broken.
JimmyCrackCorn is offline  
09-02-2011, 15:06   #8
seamus
Dental Plan!
 
seamus's Avatar
 
Join Date: Jul 2001
Posts: 60,823
Send a message via MSN to seamus
Indeed chip & PIN is nowhere near the be-all and end-all but magnetic strips at this stage are just barely a step above the old imprinting machines and they should have been eliminated years ago.
seamus is offline  
08-07-2014, 14:21   #9
 
Join Date: May 2014
Posts: 1,252
New Skimmers out in Europe

Smaller, fit into the card slot not over. Pics in link.

http://krebsonsecurity.com/2014/07/t...sert-skimmers/
Rucking_Fetard is offline  
Advertisement
09-07-2014, 14:58   #10
Impetus
Registered User
 
Join Date: Sep 2013
Posts: 1,599
Magnetic stripes are needed for backwards compatability for card use in third world countries like the US. They are also essential for fast, small value transactions - eg motorway tolls.

Very few toll booths in Europe take contactless cards, and where they do the transaction has to be authorized - even if it is only a few Euro, and intra-country authorizations in Europe are still slow. In practice one does not need to keep a barrier closed until the authorization has been received - because license plates are photographed at toll booths, and in the event of an authorization coming back with a stolen card code, the driver could be picked up by police at a downstream toll booth.

The other issue about contactless is that it only works with debit cards, and debit card processing fees are extremely high in Ireland. This leaves the toll booth operator with the choice of accepting credit cards which have no contactless feature and using the magnetic stripe instead. Or taking debit cards and adding about 30c to the toll to cover the exhorbitant bank charge.

The magnetic stripe on French debit cards seems to be unreadable by skimmers - eg some retail chains, eg Woodies - while they use the chip to process the payment, the sales assistant is "programmed" to swipe the magnetic stripe into anohter reader. Presumably they are (illegally in my view) using the payment card as a "loyalty card" to track customers repeat shopping patterns etc - a mini in-house NSA. The "loyalty card" functionality doesn't work with a French payment card.
Impetus is offline  
09-07-2014, 21:35   #11
 
Join Date: May 2014
Posts: 1,252
Use your phones Magnetometer for NFC. Coming soon.

Quote:
In its current form, Pulse can only send about 40 bits per second, and only when the transmitter and receiver are within two centimeters of one another. Compared to NFC, which can work within 20 centimeters or more if you have specialized hardware, it’s not hard to see why this communications protocol could be considered superior when trying to send secure credentials wirelessly.
Rucking_Fetard is offline  
14-07-2014, 09:58   #12
hmmm
Registered User
 
hmmm's Avatar
 
Join Date: Mar 2001
Posts: 7,167
As a matter of interest, why does the card need to be inserted into the machine in the first place? Could the chip enabled cards not be read wirelessly?
hmmm is offline  
14-07-2014, 10:10   #13
Impetus
Registered User
 
Join Date: Sep 2013
Posts: 1,599
Quote:
Originally Posted by hmmm View Post
As a matter of interest, why does the card need to be inserted into the machine in the first place? Could the chip enabled cards not be read wirelessly?
Perhaps one is expecting too much to assume that the RFID traffic is encrypted?

If it isn't encrypted, it opens up a new fraud platform where card details are easily wirelessly stolen at point of sale terminals - even if the card itself is being used for a normal EMV transaction with PIN etc.
Impetus is offline  
20-07-2014, 01:24   #14
Capt'n Midnight
00:00
 
Capt'n Midnight's Avatar
Quote:
Originally Posted by JimmyCrackCorn View Post
Though AIB did make a good effort, the only way to really make it more difficult would be to have randomly different shaped fascia plates. Meaning you'd have to target individual atms.
if the fascia plates are random then how would you recognise a fake one ?




if you were to remove the mag stripe from your card what would stop working here ?
Capt'n Midnight is offline  
20-07-2014, 08:42   #15
Impetus
Registered User
 
Join Date: Sep 2013
Posts: 1,599
Quote:
Originally Posted by Capt'n Midnight View Post
if you were to remove the mag stripe from your card what would stop working here ?
I assume the motorway toll payment wouldn't work. There is no PIN at motorway toll booths.

It would stop certain chain stores from processing your card - those who like to skim your card number etc from the mag stripe (in addition to using the chip to take the money in EMV mode). Perhaps the bots behind the counter would refuse to take your money?

It would certainly be a bigger hindrance when travelling. Some banks have recently started issuing EMV cards in the US - but I have not heard reports of US retailers spending money on the card processing kit so far. Maybe some US banks are sick of receiving complaints from cardholders that their Visa or MasterCard etc are fairly useless in Europe, and decided to fix the card for people who travel a lot first?
Impetus is offline  
Post Reply

Quick Reply
Message:
Remove Text Formatting
Bold
Italic
Underline

Insert Image
Wrap [QUOTE] tags around selected text
 
Decrease Size
Increase Size
Please sign up or log in to join the discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search



Share Tweet