ITSpotlight is designed to keep the campus up to date on ITS activities and services.
Information Security Hygiene - Credit Card Skimming
Posted June 10, 2021
by ITS Information Security
When considering information security awareness at SIUE it’s good to get into routines that can protect your privacy at home as well. A common scam known as card skimming can compromise your privacy and steal your financial data very discreetly. Card skimming happens when a hacker attaches a device to machines that process automatic credit or debit card transactions, like ATM’s, gas pumps, or parking meters. The devices are cleverly disguised to look like part of the machine and do not interfere with the function of the machine. The skimmers simply collect your account information and PIN while you use the machine and store the information for download later or transmit the information to the hacker remotely. Fortunately, a compromised ATM or meter can be detected with some simple, habitual techniques.
In cases where the ATM or meter are compromised, the machine will likely have a combination of overlays, devices, and cameras to capture your account number from your card and your PIN when you type it in. This can include a device attached to the card slot, an overlay on the PIN number pad, and pinhole cameras that record the numbers you punch in.
Overlays can be manufactured with 3D printers, salvaged from used ATMs, or bought on Dark Web black markets. Many ATM designs are very similar and the parts can look exactly like the equipment they mimic. Fortunately, there are some easy checks that can be done and are good habits whenever using an ATM or similar machine.
ATMs, gas pumps, parking meters and similar machines are built to last and are hardened against the environment and continuous use. Checking a machine for loose parts before you use it is a good habit and a sign that the machine might be compromised. Loose card slots, wobbly or sticky buttons, and ill-fitting trim are suspect. Before you use a machine like this, give the card slot a yank, inspect the trim above key pad, look for holes drilled around the PIN pad, check around the screen, and pull on the keypad. If everything seems solid, then the machine is likely OK.
A quick inspection of an ATM or gas pump before use is a great habit to encourage with your family and friends. Although not foolproof and financial institutions are usually good about remediating fraudulent transactions you may be a victim of, it only takes a few seconds to inspect an ATM versus risking compromised privacy and waiting on a new debit card. You are always the front line in protecting your own privacy.
