- The Slot Shimmers are a fun and interactive slot channel that play all slots, but have a focus on all link related games such as Dragon Link, Lightning Link.
- #5 – NG Slot Playing Lightning Link by Aristocrat. #4 – Slot Shimmers Playing Eureka Reel Blast by SG Gaming. #3 – Dejavu Slots Playing Gaming Slot Machines Comped Travel's Top 5 Video Slot.
LIVE SLOT PLAY from Meadows Casino. Watch the shimmers shim their way to a major jackpot on lightning link during this Live play session from Meadows Casino.
Somehow, using a physical card just feels safer, right? If you lose your wallet, that can be a problem, but you rarely feel comfortable typing your numbers into a website or speaking them on the phone or anything like that. Some of us may shred our receipts even if they don't contain any sensitive data on them.
Using a physical card, well, it feels safer when you can hold something in your hand. At the very least, someone would have to push you down and physically steal the card from you in order to take your information, and you can just cancel your card before they can spend any of your hard-earned money.
Essentially we're hardwired to feel that something that we have in hand is more safe. And with credit cards and debit cards, that's partly true. All thieves want is the information on the card. A little piece of plastic doesn't hold much actual tangible value on its own. So we tend to believe that as long as we're using the actual plastic, then our information is safer than if we're transferring just the data. It's a lot easier to steal information than it is to steal a wallet.
But, even plastic carries some risks, and not just in the form of pickpockets. You can burn and shred all your paperwork, never speak your numbers aloud, only use your card in person, never online or over the phone, and it will still be entirely possible for a thief to steal the information on your card without the card ever leaving your hand. And, unfortunately, it might not always be easy to realize that this has happened until it is too late.
In any event, you need to be aware of the risks that are out there. In this case we're talking about 'shimmers,' a device used to swipe data directly from a card when you swipe it in a card reader or ATM.
How Do Shimmers Work?
Essentially a shimmer is a little card-reader that can be tucked inside of an existing device. They're very thin and discrete, so it's easy to hide a shimmer inside of an ATM machine or the reader at a convenience store. When the ATM or card reader reads your card, so too will the shimmer. They are similar to 'skimmers,' but much harder to spot than their bulky brethren. Shimmers first began to show up in 2015 but have recently become more popular among scammers.
Skimmers are part of the reason cards have been switching to being chip-based in recent years. At present there's no easy way for thieves to get your information off of a chip. The skimmers are looking at the magnetic strips. The data can be taken from these strips and then used to create copies of the card that can be used in any store or at any ATM that still relies on strip readers.
Many stores still have yet to implement the new, safer standard. But even if you have a chip-based reader, the shimmers can still read the magnetic strip as the card passes over the shimmer. With skimmers it was easier to identify by pulling on the reader. These bulky devices were like a false front-end to the device that could actually be removed or at least easily identified by pulling on them. Shimmers are very small devices tucked neatly into the card reading slot and then removed later by the thieves.
How Can You Combat Shimmers?
The only way to be one hundred percent certain that a card reader does not contain a shimmer is to carry a little screwdriver around with you and go digging around in every slot you come across, but that's not exactly a viable solution. You're going to get kicked out of a lot of gas stations and banks trying to do this. But, this doesn't mean that we're all completely helpless to simply swipe our cards and hope for the best. There are some things that can be done on both the consumer and merchant's ends to stay a step ahead of thieves using shimmers.
As a customer make a note if something feels off about a card reader. Although shimmers generally go undetected, a poorly installed shimmer can be easy to spot. If your card doesn't slide in and out of a chip reader easily, then there may be a shimmer in there. You may want to avoid card readers that are not chip-capable.
In fact, it's not a bad idea to keep cash on you at all times so that you always have an option besides plastic when you are confronted with a new swiper that you haven't used before.
Of course there are other threats that you need to be aware of. If you're heading to an ATM, for instance, it's a good idea to stick to indoor machines where armed robbery is a little less likely. And if you are going to use the machine outside the bank, try to avoid doing so after dark. There's probably an all-night convenience store or Wal Mart in your town. They might charge a small fee but it beats getting robbed. Yes, even in 2018, when we have high-tech hackers using razor-thin card-readers to steal your information, armed robbery remains one of the most popular forms of theft.
Of course the most popular form of identity theft is still the theft of the card itself. Thieves are like fishermen. They don't necessarily target you, they just take what they can get. This means if you leave your wallet out on the table at a coffee shop and they see you take your eyes off it… Theft is, more often than not, a crime of opportunity. Many of these people may not even be career criminals, they just see an opening and they take it. They might never commit a serious crime again, but they see a misplaced credit card as free money and they're not even thinking of the legal and moral ramifications.
You also want to go with reliable sellers more often than not. If you're traveling or spending money in a part of town you don't frequent, you generally want to use cash. A lot of the responsibility on credit and debit card security rests on the merchant's shoulders, and a lot of merchants are really lax about it.
Chain locations tend to be a little safer because they take on a lot more liability risk. It can be hard to mend a damaged reputation, and that's more important to a national chain than it is to someone who only has a business because they run the only gas station in a neighborhood.
So how does a merchant keep up their end of the security obligations?
The main thing they need to focus on is checking CVV's through the dynamic CVV system. These are the little three digit numbers on the back of your card. There's no way to get this number off of a shimmer since it is only designed to get data from the magnet strip. So when the CVV on the card does not match the one in the database, the merchant knows that the card they're looking at is a fake. Again, not all merchants bother taking this step and thieves are most likely to focus on using those cards at stores where they can be fairly certain that the cashier isn't going to check.
If you are a merchant, it's very important to stay up to date on all standard security protocols. Protecting your customers is, of course, vital. If someone gets their information stolen at your shop, they're going to find somewhere else to do their shopping. But beyond that there are also concerns of liability. It's not unlikely to wind up in court, facing steep fines and possibly even jail time over lax security protocol.
Not to mention the chargebacks. If you run an unsafe cash register, you're going to wind up with a lot of customers hitting you with chargebacks, and that's going to hurt you a lot more than a few lost sales in the long run. So be sure to stay up to date on security measures for your card reader. And if you see anyone fiddling with your scanner in a way they shouldn't be, you might want to go ahead and have them removed from your shop. It's generally a good idea not to leave the counter totally unattended any time there are customers in the store.
In any event combating thieves is a collaborative effort between customers and merchants. Customers don't want to get ripped off, merchants don't want to get hit with chargebacks, and they definitely don't want to get sued. Merchants can also give customers a call any time a purchase seems fishy. You also have the right to refuse service when purchases seem suspect. If someone comes into your store and buys thirty pairs of matching shoes, either they coach a little league baseball team, or they're trying to make a purchase so they can resell on the black market, and they have to buy fast before the actual card holder is on to them.
The Future of Credit Card Security
The shimmer is probably a passing fancy. By 2020 we might not be worrying about shimmers at all. The emphasis is moving away from plastic and towards all-digital transactions.
When two people can tap their smartphones together to make a payment or you can pay from a console without having to take anything out of your pockets, why risk it with a plastic card that can be easily misplaced or stolen?
For the time being we still rely heavily on plastic cards. But these are increasingly becoming, like cash, a relic of an earlier time. Even our cards contain cutting edge computer chips instead of relying solely on magnet strips.
All of this being said, criminals tend to stay one step ahead. Hackers are always looking for security gaps, crooks won't hesitate when they see an opportunity that is open to them. Even in a post-plastic world, we're still going to see security concerns. Hackers may use readers and scanners to pick up on transferred information when smartphone transactions are made online or via wireless connection. And of course, they can always steal your phone and then find out how to unlock it with online tutorials.
We're always going to have some reason or another to worry about our data when making a purchase. No matter how advanced the technology gets or how careful we are, there's still going to be a risk. Luckily, that risk is generally manageable, and while you can't guarantee that nobody will ever rip you off, you can at least make it a little more difficult for thieves, crooks and scammers, and they might just feel that you're not worth the effort.
The series I've written about ATM skimmers, gas pump skimmers and other related fraud devices have become by far the most-read posts on this blog. I put this gallery together to showcase the entire series, and to give others a handy place to reference all of these stories in one place. Click the headline or the image associated with each blurb for the full story.
Real card slot on left, skimmer on right.
Jan. 15, 2010: Would You Have Spotted the Fraud? Pictured here is what's known as a skimmer, or a device made to be affixed to the mouth of an ATM and secretly swipe credit and debit card information when bank customers slip their cards into the machines to pull out money. Skimmers have been around for years, of course, but thieves are constantly improving them, and the device pictured below is a perfect example of that evolution. This particular skimmer was found Dec. 6, 2009, attached to the front of a Citibank ATM in Woodland Hills, Calif. Would you have been able to spot this?
ATM PIN capture overlay device pulled back to reveal the legitimate PIN entry pad.
Feb. 2, 2010: ATM Skimmers, Part II …The U.S. Secret Service estimates that annual losses from ATM fraud totaled about $1 billion in 2008, or about $350,000 each day. Card skimming, where the fraudster affixes a bogus card reader on top of the real reader, accounts for more than 80 percent of ATM fraud. Last week, I had a chance to chat with Rick Doten, chief scientist at Lockheed Martin‘s Center for Cyber Security Innovation. Doten has built an impressive slide deck on ATM fraud attacks, and pictured below are some of the more interesting images he uses in his presentations.
The backside end of a standard, $1,500 Diebold skimmer sold online.
March 25, 2010: Would You Have Spotted This ATM Fraud? …The site also advertises a sort of rent-to-own model for would-be thieves who need seed money to get their ATM-robbing businesses going. 'Skim With Our Equipment for 50% of Data Collected,' the site offers. The plan works like this: The noobie ATM thief pays a $1,000 'deposit' and is sent a skimmer and PIN pad overlay, along with a link to some videos that explain how to install, work and remove the skimmer technology.
A bogus PIN pad overlay
June 3, 2010: ATM Skimmers: Separating Cruft from Craft …The truth is that most of these skimmers openly advertised are little more than scams designed to separate clueless crooks from their ill-gotten gains. Start poking around on some of the more exclusive online fraud forums for sellers who have built up a reputation in this business and chances are eventually you will hit upon the real deal.
The backside of a GSM-based PIN pad overlay
June 17, 2010: Sophisticated ATM Skimmer Transmits Stolen Data Via Text Message – Operating and planting an ATM skimmer — cleverly disguised technology that thieves attach to cash machines to intercept credit and debit card data — can be a risky venture, because the crooks have to return to the scene of the crime to retrieve their skimmers along with the purloined data. Increasingly, however, criminals are using ATM skimmers that eliminate much of that risk by relaying the information via text message.
Bluetooth-enabled gas pump skimmer.
July 20, 2010: Skimmers Siphoning Card Data at the Pump …Thieves recently attached bank card skimmers to gas pumps at more than 30 service stations along several major highways in and around Denver, Colorado, the latest area to be hit by a scam that allows crooks to siphon credit and debit card account information from motorists filling up their tanks.
Fun With ATM Skimmers, Part III …According to the European ATM Security Team (EAST), a not-for-profit payment security organization, ATM crimes in Europe jumped 149 percent form 2007 to 2008, and most of that increase has been linked to a dramatic increase in ATM skimming attacks. During 2008, a total of 10,302 skimming incidents were reported in Europe. Below is a short video authorities in Germany released recently showing two men caught on camera there installing a skimmer and a pinhole camera panel above to record PINs.
Nov. 10, 2010: All-in-One Skimmers – ATM skimmers come in all shapes and sizes, and most include several components — such as a tiny spy cam hidden in a brochure rack, or fraudulent PIN pad overlay. The problem from the thief's perspective is that the more components included in the skimmer kit, the greater the chance that he will get busted attaching or removing the devices from ATMs. Thus, the appeal of the all-in-one ATM skimmer: It stores card data using an integrated magnetic stripe reader, and it has a built-in hidden camera designed to record the PIN sequence after an unsuspecting customer slides his bank card into the compromised machine.
Audio skimmer for Diebold ATMs
Nov. 23, 2010: Crooks Rock Audio-based ATM Skimmers – The European ATM Security Team (EAST) found that 11 of the 16 European nations covered in the report experienced increases in skimming attacks last year. EAST noted that in at least one country, anti-skimming devices have been stolen and converted into skimmers, complete with micro cameras used to steal PINs. EAST said it also discovered that a new type of analogue skimming device — using audio technology — has been reported by five countries, two of them 'major ATM deployers' (defined as having more than 40,000 ATMs).
A GSM-based ATM card skimmer.
Dec. 13, 2010: Why GSM-based ATM Skimmers Rule …So, after locating an apparently reliable skimmer seller on an exclusive hacker forum, I chatted him up on instant message and asked for the sales pitch. This GSM skimmer vendor offered a first-hand account of why these cell-phone equipped fraud devices are safer and more efficient than less sophisticated models — that is, for the buyer at least (I have edited his sales pitch only slightly for readability and flow).
Jan. 17, 2011: ATM Skimmers, Up Close…I wasn't sure whether I could take this person seriously, but his ratings on the forum — in which buyers and sellers leave feedback for each other based on positive or negative experiences from previous transactions — were good enough that I figured he must be one of the few people on this particular forum actually selling ATM skimmers, as opposed to just lurking there to scam fellow scammers.
Jan. 31, 2011: ATM Skimmers That Never Touch the ATM….Media attention to crimes involving ATM skimmers may make consumers more likely to identify compromised cash machines, which involve cleverly disguised theft devices that sometimes appear off-color or out-of-place. Yet, many of today's skimmer scams can swipe your card details and personal identification number while leaving the ATM itself completely untouched, making them far more difficult to spot.
Feb. 16, 2011: Having a Ball With ATM Skimmers …On February 8, 2009, a customer at an ATM at a Bank of America branch in Sun Valley, Calif., spotted something that didn't look quite right about the machine: A silver, plexiglass device had been attached to the ATM's card acceptance slot, in a bid to steal card data from unsuspecting ATM users. But the customer and the bank's employees initially overlooked a secondary fraud device that the unknown thief had left at the scene: A sophisticated, battery operated and motion activated camera designed to record victims entering their personal identification numbers at the ATM.
Mar. 11, 2011: Green Skimmers Skimming Green…To combat an increase in ATM fraud from skimmer devices, cash machine makers have been outfitting ATMs with a variety of anti-skimming technologies. In many cases, these anti-skimming tools take the shape of green or blue semi-transparent plastic casings that protrude from the card acceptance slot to prevent would-be thieves from easily attaching skimmers. But in a surprising number of incidents, skimmer scammers have simply crafted their creations to look exactly like the anti-skimming devices.
April 10, 2001: ATM Skimmers: Hacking the Cash Machine…Most of the ATM skimmers I've profiled in this blog are comprised of parts designed to mimic and to fit on top of existing cash machine components, such as card acceptance slots or PIN pads. But sometimes, skimmer thieves find success by swapping out ATM parts with compromised look-alikes.
This paper-thin membrane fits under the real PIN pad.
May 18, 2011: Point-of-Sale Skimmers: Robbed at the Register …Michaels Stores said this month that it had replaced more than 7,200 credit card terminals from store registers nationwide, after discovering that thieves had somehow modified or replaced machines to include point of sale (POS) technology capable of siphoning customer payment card data and PINs. The specific device used by the criminal intruders has not been made public. But many devices and services are sold on the criminal underground to facilitate the surprisingly common fraud.
3D printer firm i.materialise received and promptly declined orders for these skimmer devices.
Sept. 20, 2011: Gang Used 3D Printers for ATM Skimmers …An ATM skimmer gang stole more than $400,000 using skimming devices built with the help of high-tech 3D printers, federal prosecutors say. Apparently, word is spreading in the cybercrime underworld that 3D printers produce flawless skimmer devices with exacting precision. In June, a federal court indicted four men from South Texas (PDF) whom authorities say had reinvested the profits from skimming scams to purchase a 3D printer.
An audio skimmer for a Diebold ATM.
Oct. 13, 2011: ATM Skimmer Powered by MP3 Player …Almost a year ago, I wrote about ATM skimmers made of parts from old MP3 players. Since then, I've noticed quite a few more ads for these MP3-powered skimmers in the criminal underground, perhaps because audio skimmers allow fraudsters to sell lucrative service contracts along with their theft devices. The vendor of this skimmer kit advertises 'full support after purchase,' and 'easy installation (10-15 seconds).' But the catch with this skimmer is that the price tag is misleading. That's because the audio files recorded by the device are encrypted. The Mp3 files are useless unless you also purchase the skimmer maker's decryption service, which decodes the audio files into a digital format that can be encoded onto counterfeit ATM cards.
Dec. 7, 2011: Pro Grade (3D Printer-Made?) ATM Skimmer… In July 2011, a customer at a Chase Bank branch in West Hills, Calif. noticed something odd about the ATM he was using and reported it to police. Authorities who responded to the incident discovered a sophisticated, professional-grade ATM skimmer that they believe was made with the help of a 3D printer.
Backside of an ATM skimmer found this year at a bank in the San Fernando Valley area of California.
Slot Shimmers Youtube
April 25, 2012: Skimtacular: All-In-One ATM Skimmer…I spent the past week vacationing (mostly) in Southern California, traveling from Los Angeles to Santa Barbara and on to the wine country in Santa Ynez. Along the way, I received some information from a law enforcement source in the area about a recent ATM skimmer attack that showcased a well-designed and stealthy all-in-one skimmer.
July 24, 2012: ATM Skimmers Get Wafer Thin… It's getting harder to detect some of the newer ATM skimmers, fraud devices attached to or inserted into cash machines and designed to steal card and PIN data. Among the latest and most difficult-to-spot skimmer innovations is a wafer-thin card reading device that can be inserted directly into the ATM's card acceptance slot.
Sept. 5, 2012: A Handy Way to Foil ATM Skimmers… I spent several hours this past week watching video footage from hidden cameras that skimmer thieves placed at ATMs to surreptitiously record customers entering their PINs. I was surprised to see that out of the dozens of customers that used the compromised cash machines, only one bothered to take the simple but effective security precaution of covering his hand when entering his 4-digit code.
Nov. 20, 2012: Beware Card- and Cash-trapping at the ATM… Many security-savvy readers of this blog have learned to be vigilant against ATM card skimmers and hidden devices that can record you entering your PIN at the cash machine. But experts say an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspected users.
A crude skimming device removed from an Inova Hospital in Fairfax, Va. last month.
Dec. 12, 2012: ATM Thieves Swap Security Camera for Keyboard…This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like child's play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.
Dec. 18, 2012: Point-of-Sale Skimmers: No Charge…Yet… If you hand your credit or debit card to a merchant who is using a wireless point-of-sale (POS) device, you may want to later verify that the charge actually went through. A top vendor of POS skimmers ships devices that will print out 'transaction approved' receipts, even though the machine is offline and is merely recording the customer's card data and PIN for future fraudulent use.
Feb. 1, 2013: Pro-Grade Point-of-Sale Skimmer….Every so often, the sophistication of the technology being built into credit card skimmers amazes even the experts who are accustomed to studying such crimeware. This post focuses on one such example — images from one of several compromised point-of-sale devices that used Bluetooth technology to send the stolen data to the fraudsters wirelessly.
Apr. 24, 2013: How Not To Install an ATM Skimmer…. Experts in the United States and Europe are tracking a marked increase in ATM skimmer scams. But let's hope that at least some of that is the result of newbie crooks who fail as hard as the thief who tried to tamper with a Bank of America ATM earlier this week in Nashville.
In any event, you need to be aware of the risks that are out there. In this case we're talking about 'shimmers,' a device used to swipe data directly from a card when you swipe it in a card reader or ATM.
How Do Shimmers Work?
Essentially a shimmer is a little card-reader that can be tucked inside of an existing device. They're very thin and discrete, so it's easy to hide a shimmer inside of an ATM machine or the reader at a convenience store. When the ATM or card reader reads your card, so too will the shimmer. They are similar to 'skimmers,' but much harder to spot than their bulky brethren. Shimmers first began to show up in 2015 but have recently become more popular among scammers.
Skimmers are part of the reason cards have been switching to being chip-based in recent years. At present there's no easy way for thieves to get your information off of a chip. The skimmers are looking at the magnetic strips. The data can be taken from these strips and then used to create copies of the card that can be used in any store or at any ATM that still relies on strip readers.
Many stores still have yet to implement the new, safer standard. But even if you have a chip-based reader, the shimmers can still read the magnetic strip as the card passes over the shimmer. With skimmers it was easier to identify by pulling on the reader. These bulky devices were like a false front-end to the device that could actually be removed or at least easily identified by pulling on them. Shimmers are very small devices tucked neatly into the card reading slot and then removed later by the thieves.
How Can You Combat Shimmers?
The only way to be one hundred percent certain that a card reader does not contain a shimmer is to carry a little screwdriver around with you and go digging around in every slot you come across, but that's not exactly a viable solution. You're going to get kicked out of a lot of gas stations and banks trying to do this. But, this doesn't mean that we're all completely helpless to simply swipe our cards and hope for the best. There are some things that can be done on both the consumer and merchant's ends to stay a step ahead of thieves using shimmers.
As a customer make a note if something feels off about a card reader. Although shimmers generally go undetected, a poorly installed shimmer can be easy to spot. If your card doesn't slide in and out of a chip reader easily, then there may be a shimmer in there. You may want to avoid card readers that are not chip-capable.
In fact, it's not a bad idea to keep cash on you at all times so that you always have an option besides plastic when you are confronted with a new swiper that you haven't used before.
Of course there are other threats that you need to be aware of. If you're heading to an ATM, for instance, it's a good idea to stick to indoor machines where armed robbery is a little less likely. And if you are going to use the machine outside the bank, try to avoid doing so after dark. There's probably an all-night convenience store or Wal Mart in your town. They might charge a small fee but it beats getting robbed. Yes, even in 2018, when we have high-tech hackers using razor-thin card-readers to steal your information, armed robbery remains one of the most popular forms of theft.
Of course the most popular form of identity theft is still the theft of the card itself. Thieves are like fishermen. They don't necessarily target you, they just take what they can get. This means if you leave your wallet out on the table at a coffee shop and they see you take your eyes off it… Theft is, more often than not, a crime of opportunity. Many of these people may not even be career criminals, they just see an opening and they take it. They might never commit a serious crime again, but they see a misplaced credit card as free money and they're not even thinking of the legal and moral ramifications.
You also want to go with reliable sellers more often than not. If you're traveling or spending money in a part of town you don't frequent, you generally want to use cash. A lot of the responsibility on credit and debit card security rests on the merchant's shoulders, and a lot of merchants are really lax about it.
Chain locations tend to be a little safer because they take on a lot more liability risk. It can be hard to mend a damaged reputation, and that's more important to a national chain than it is to someone who only has a business because they run the only gas station in a neighborhood.
So how does a merchant keep up their end of the security obligations?
The main thing they need to focus on is checking CVV's through the dynamic CVV system. These are the little three digit numbers on the back of your card. There's no way to get this number off of a shimmer since it is only designed to get data from the magnet strip. So when the CVV on the card does not match the one in the database, the merchant knows that the card they're looking at is a fake. Again, not all merchants bother taking this step and thieves are most likely to focus on using those cards at stores where they can be fairly certain that the cashier isn't going to check.
If you are a merchant, it's very important to stay up to date on all standard security protocols. Protecting your customers is, of course, vital. If someone gets their information stolen at your shop, they're going to find somewhere else to do their shopping. But beyond that there are also concerns of liability. It's not unlikely to wind up in court, facing steep fines and possibly even jail time over lax security protocol.
Not to mention the chargebacks. If you run an unsafe cash register, you're going to wind up with a lot of customers hitting you with chargebacks, and that's going to hurt you a lot more than a few lost sales in the long run. So be sure to stay up to date on security measures for your card reader. And if you see anyone fiddling with your scanner in a way they shouldn't be, you might want to go ahead and have them removed from your shop. It's generally a good idea not to leave the counter totally unattended any time there are customers in the store.
In any event combating thieves is a collaborative effort between customers and merchants. Customers don't want to get ripped off, merchants don't want to get hit with chargebacks, and they definitely don't want to get sued. Merchants can also give customers a call any time a purchase seems fishy. You also have the right to refuse service when purchases seem suspect. If someone comes into your store and buys thirty pairs of matching shoes, either they coach a little league baseball team, or they're trying to make a purchase so they can resell on the black market, and they have to buy fast before the actual card holder is on to them.
The Future of Credit Card Security
The shimmer is probably a passing fancy. By 2020 we might not be worrying about shimmers at all. The emphasis is moving away from plastic and towards all-digital transactions.
When two people can tap their smartphones together to make a payment or you can pay from a console without having to take anything out of your pockets, why risk it with a plastic card that can be easily misplaced or stolen?
For the time being we still rely heavily on plastic cards. But these are increasingly becoming, like cash, a relic of an earlier time. Even our cards contain cutting edge computer chips instead of relying solely on magnet strips.
All of this being said, criminals tend to stay one step ahead. Hackers are always looking for security gaps, crooks won't hesitate when they see an opportunity that is open to them. Even in a post-plastic world, we're still going to see security concerns. Hackers may use readers and scanners to pick up on transferred information when smartphone transactions are made online or via wireless connection. And of course, they can always steal your phone and then find out how to unlock it with online tutorials.
We're always going to have some reason or another to worry about our data when making a purchase. No matter how advanced the technology gets or how careful we are, there's still going to be a risk. Luckily, that risk is generally manageable, and while you can't guarantee that nobody will ever rip you off, you can at least make it a little more difficult for thieves, crooks and scammers, and they might just feel that you're not worth the effort.
The series I've written about ATM skimmers, gas pump skimmers and other related fraud devices have become by far the most-read posts on this blog. I put this gallery together to showcase the entire series, and to give others a handy place to reference all of these stories in one place. Click the headline or the image associated with each blurb for the full story.
Real card slot on left, skimmer on right.
Jan. 15, 2010: Would You Have Spotted the Fraud? Pictured here is what's known as a skimmer, or a device made to be affixed to the mouth of an ATM and secretly swipe credit and debit card information when bank customers slip their cards into the machines to pull out money. Skimmers have been around for years, of course, but thieves are constantly improving them, and the device pictured below is a perfect example of that evolution. This particular skimmer was found Dec. 6, 2009, attached to the front of a Citibank ATM in Woodland Hills, Calif. Would you have been able to spot this?
ATM PIN capture overlay device pulled back to reveal the legitimate PIN entry pad.
Feb. 2, 2010: ATM Skimmers, Part II …The U.S. Secret Service estimates that annual losses from ATM fraud totaled about $1 billion in 2008, or about $350,000 each day. Card skimming, where the fraudster affixes a bogus card reader on top of the real reader, accounts for more than 80 percent of ATM fraud. Last week, I had a chance to chat with Rick Doten, chief scientist at Lockheed Martin‘s Center for Cyber Security Innovation. Doten has built an impressive slide deck on ATM fraud attacks, and pictured below are some of the more interesting images he uses in his presentations.
The backside end of a standard, $1,500 Diebold skimmer sold online.
March 25, 2010: Would You Have Spotted This ATM Fraud? …The site also advertises a sort of rent-to-own model for would-be thieves who need seed money to get their ATM-robbing businesses going. 'Skim With Our Equipment for 50% of Data Collected,' the site offers. The plan works like this: The noobie ATM thief pays a $1,000 'deposit' and is sent a skimmer and PIN pad overlay, along with a link to some videos that explain how to install, work and remove the skimmer technology.
A bogus PIN pad overlay
June 3, 2010: ATM Skimmers: Separating Cruft from Craft …The truth is that most of these skimmers openly advertised are little more than scams designed to separate clueless crooks from their ill-gotten gains. Start poking around on some of the more exclusive online fraud forums for sellers who have built up a reputation in this business and chances are eventually you will hit upon the real deal.
The backside of a GSM-based PIN pad overlay
June 17, 2010: Sophisticated ATM Skimmer Transmits Stolen Data Via Text Message – Operating and planting an ATM skimmer — cleverly disguised technology that thieves attach to cash machines to intercept credit and debit card data — can be a risky venture, because the crooks have to return to the scene of the crime to retrieve their skimmers along with the purloined data. Increasingly, however, criminals are using ATM skimmers that eliminate much of that risk by relaying the information via text message.
Bluetooth-enabled gas pump skimmer.
July 20, 2010: Skimmers Siphoning Card Data at the Pump …Thieves recently attached bank card skimmers to gas pumps at more than 30 service stations along several major highways in and around Denver, Colorado, the latest area to be hit by a scam that allows crooks to siphon credit and debit card account information from motorists filling up their tanks.
Fun With ATM Skimmers, Part III …According to the European ATM Security Team (EAST), a not-for-profit payment security organization, ATM crimes in Europe jumped 149 percent form 2007 to 2008, and most of that increase has been linked to a dramatic increase in ATM skimming attacks. During 2008, a total of 10,302 skimming incidents were reported in Europe. Below is a short video authorities in Germany released recently showing two men caught on camera there installing a skimmer and a pinhole camera panel above to record PINs.
Nov. 10, 2010: All-in-One Skimmers – ATM skimmers come in all shapes and sizes, and most include several components — such as a tiny spy cam hidden in a brochure rack, or fraudulent PIN pad overlay. The problem from the thief's perspective is that the more components included in the skimmer kit, the greater the chance that he will get busted attaching or removing the devices from ATMs. Thus, the appeal of the all-in-one ATM skimmer: It stores card data using an integrated magnetic stripe reader, and it has a built-in hidden camera designed to record the PIN sequence after an unsuspecting customer slides his bank card into the compromised machine.
Audio skimmer for Diebold ATMs
Nov. 23, 2010: Crooks Rock Audio-based ATM Skimmers – The European ATM Security Team (EAST) found that 11 of the 16 European nations covered in the report experienced increases in skimming attacks last year. EAST noted that in at least one country, anti-skimming devices have been stolen and converted into skimmers, complete with micro cameras used to steal PINs. EAST said it also discovered that a new type of analogue skimming device — using audio technology — has been reported by five countries, two of them 'major ATM deployers' (defined as having more than 40,000 ATMs).
A GSM-based ATM card skimmer.
Dec. 13, 2010: Why GSM-based ATM Skimmers Rule …So, after locating an apparently reliable skimmer seller on an exclusive hacker forum, I chatted him up on instant message and asked for the sales pitch. This GSM skimmer vendor offered a first-hand account of why these cell-phone equipped fraud devices are safer and more efficient than less sophisticated models — that is, for the buyer at least (I have edited his sales pitch only slightly for readability and flow).
Jan. 17, 2011: ATM Skimmers, Up Close…I wasn't sure whether I could take this person seriously, but his ratings on the forum — in which buyers and sellers leave feedback for each other based on positive or negative experiences from previous transactions — were good enough that I figured he must be one of the few people on this particular forum actually selling ATM skimmers, as opposed to just lurking there to scam fellow scammers.
Jan. 31, 2011: ATM Skimmers That Never Touch the ATM….Media attention to crimes involving ATM skimmers may make consumers more likely to identify compromised cash machines, which involve cleverly disguised theft devices that sometimes appear off-color or out-of-place. Yet, many of today's skimmer scams can swipe your card details and personal identification number while leaving the ATM itself completely untouched, making them far more difficult to spot.
Feb. 16, 2011: Having a Ball With ATM Skimmers …On February 8, 2009, a customer at an ATM at a Bank of America branch in Sun Valley, Calif., spotted something that didn't look quite right about the machine: A silver, plexiglass device had been attached to the ATM's card acceptance slot, in a bid to steal card data from unsuspecting ATM users. But the customer and the bank's employees initially overlooked a secondary fraud device that the unknown thief had left at the scene: A sophisticated, battery operated and motion activated camera designed to record victims entering their personal identification numbers at the ATM.
Mar. 11, 2011: Green Skimmers Skimming Green…To combat an increase in ATM fraud from skimmer devices, cash machine makers have been outfitting ATMs with a variety of anti-skimming technologies. In many cases, these anti-skimming tools take the shape of green or blue semi-transparent plastic casings that protrude from the card acceptance slot to prevent would-be thieves from easily attaching skimmers. But in a surprising number of incidents, skimmer scammers have simply crafted their creations to look exactly like the anti-skimming devices.
April 10, 2001: ATM Skimmers: Hacking the Cash Machine…Most of the ATM skimmers I've profiled in this blog are comprised of parts designed to mimic and to fit on top of existing cash machine components, such as card acceptance slots or PIN pads. But sometimes, skimmer thieves find success by swapping out ATM parts with compromised look-alikes.
This paper-thin membrane fits under the real PIN pad.
May 18, 2011: Point-of-Sale Skimmers: Robbed at the Register …Michaels Stores said this month that it had replaced more than 7,200 credit card terminals from store registers nationwide, after discovering that thieves had somehow modified or replaced machines to include point of sale (POS) technology capable of siphoning customer payment card data and PINs. The specific device used by the criminal intruders has not been made public. But many devices and services are sold on the criminal underground to facilitate the surprisingly common fraud.
3D printer firm i.materialise received and promptly declined orders for these skimmer devices.
Sept. 20, 2011: Gang Used 3D Printers for ATM Skimmers …An ATM skimmer gang stole more than $400,000 using skimming devices built with the help of high-tech 3D printers, federal prosecutors say. Apparently, word is spreading in the cybercrime underworld that 3D printers produce flawless skimmer devices with exacting precision. In June, a federal court indicted four men from South Texas (PDF) whom authorities say had reinvested the profits from skimming scams to purchase a 3D printer.
An audio skimmer for a Diebold ATM.
Oct. 13, 2011: ATM Skimmer Powered by MP3 Player …Almost a year ago, I wrote about ATM skimmers made of parts from old MP3 players. Since then, I've noticed quite a few more ads for these MP3-powered skimmers in the criminal underground, perhaps because audio skimmers allow fraudsters to sell lucrative service contracts along with their theft devices. The vendor of this skimmer kit advertises 'full support after purchase,' and 'easy installation (10-15 seconds).' But the catch with this skimmer is that the price tag is misleading. That's because the audio files recorded by the device are encrypted. The Mp3 files are useless unless you also purchase the skimmer maker's decryption service, which decodes the audio files into a digital format that can be encoded onto counterfeit ATM cards.
Dec. 7, 2011: Pro Grade (3D Printer-Made?) ATM Skimmer… In July 2011, a customer at a Chase Bank branch in West Hills, Calif. noticed something odd about the ATM he was using and reported it to police. Authorities who responded to the incident discovered a sophisticated, professional-grade ATM skimmer that they believe was made with the help of a 3D printer.
Backside of an ATM skimmer found this year at a bank in the San Fernando Valley area of California.
Slot Shimmers Youtube
April 25, 2012: Skimtacular: All-In-One ATM Skimmer…I spent the past week vacationing (mostly) in Southern California, traveling from Los Angeles to Santa Barbara and on to the wine country in Santa Ynez. Along the way, I received some information from a law enforcement source in the area about a recent ATM skimmer attack that showcased a well-designed and stealthy all-in-one skimmer.
July 24, 2012: ATM Skimmers Get Wafer Thin… It's getting harder to detect some of the newer ATM skimmers, fraud devices attached to or inserted into cash machines and designed to steal card and PIN data. Among the latest and most difficult-to-spot skimmer innovations is a wafer-thin card reading device that can be inserted directly into the ATM's card acceptance slot.
Sept. 5, 2012: A Handy Way to Foil ATM Skimmers… I spent several hours this past week watching video footage from hidden cameras that skimmer thieves placed at ATMs to surreptitiously record customers entering their PINs. I was surprised to see that out of the dozens of customers that used the compromised cash machines, only one bothered to take the simple but effective security precaution of covering his hand when entering his 4-digit code.
Nov. 20, 2012: Beware Card- and Cash-trapping at the ATM… Many security-savvy readers of this blog have learned to be vigilant against ATM card skimmers and hidden devices that can record you entering your PIN at the cash machine. But experts say an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspected users.
A crude skimming device removed from an Inova Hospital in Fairfax, Va. last month.
Dec. 12, 2012: ATM Thieves Swap Security Camera for Keyboard…This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like child's play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.
Dec. 18, 2012: Point-of-Sale Skimmers: No Charge…Yet… If you hand your credit or debit card to a merchant who is using a wireless point-of-sale (POS) device, you may want to later verify that the charge actually went through. A top vendor of POS skimmers ships devices that will print out 'transaction approved' receipts, even though the machine is offline and is merely recording the customer's card data and PIN for future fraudulent use.
Feb. 1, 2013: Pro-Grade Point-of-Sale Skimmer….Every so often, the sophistication of the technology being built into credit card skimmers amazes even the experts who are accustomed to studying such crimeware. This post focuses on one such example — images from one of several compromised point-of-sale devices that used Bluetooth technology to send the stolen data to the fraudsters wirelessly.
Apr. 24, 2013: How Not To Install an ATM Skimmer…. Experts in the United States and Europe are tracking a marked increase in ATM skimmer scams. But let's hope that at least some of that is the result of newbie crooks who fail as hard as the thief who tried to tamper with a Bank of America ATM earlier this week in Nashville.
Panda Slot Youtube
July 16, 2013: Getting Skimpy With ATM Skimmers…Cybercrooks can be notoriously cheap, considering how much they typically get for nothing. I'm reminded of this when I occasionally stumble upon underground forum members trying to sell a used ATM skimmer: Very often, the sales thread devolves into a flame war over whether the fully-assembled ATM skimmer is really worth more than the sum of its parts.
Oct. 10, 2013: Norstrom Finds Cash Register Skimmers…Scam artists who deploy credit and debit card skimmers most often target ATMs, yet thieves can also use inexpensive, store-bought skimming devices to compromise modern-day cash registers. Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida.
Dec. 3, 2013: Simple But Effective Point-of-Sale Skimmer…Point-of-sale (POS) skimmers — fraud devices made to siphon bank card and PIN data at the cash register — have grown in sophistication over the years: A few months back, this blog spotlighted a professionally made point-of-sale skimmer that involved some serious hacking inside the device. Today's post examines a comparatively simple but effective POS skimmer that is little more than a false panel which sits atop the PIN pad and above the area where customers swipe their cards.
Dec. 18, 2013: The Biggest Skimmers of All: Fake ATMs…This blog has spotlighted some incredibly elaborate and minaturized ATM skimmers, fraud devices that thieves attach to ATMs in a bid to steal card data and PINs. But a skimmer discovered in Brazil last month takes this sort of fraud to another level, using a completely fake ATM designed to be stacked directly on top of a legitimate, existing cash machine.
Jan. 22, 2014: Gang Rigged Pumps With Bluetooth Skimmers…Authorities in New York on Tuesday announced the indictment of thirteen men accused of running a multi-million dollar fraud ring that allegedly installed Bluetooth-enabled wireless gas pump skimmers at filling stations throughout the southern United States.
May 30, 2014: Thieves Planted Malware to Hack ATMs…A recent ATM skimming attack in which thieves used a specialized device to physically insert malicious software into a cash machine may be a harbinger of more sophisticated scams to come.
July 14, 2014: The Rise of Thin, Mini and Insert Skimmers…Like most electronic gadgets these days, ATM skimmers are getting smaller and thinner, with extended battery life. Here's a look at several miniaturized fraud devices that were pulled from compromised cash machines at various ATMs in Europe so far this year.
August 21, 2014: Stealthy, Razor Thin ATM Insert Skimmers…An increasing number of ATM skimmers targeting banks and consumers appear to be of the razor-thin insert variety. These card-skimming devices are made to fit snugly and invisibly inside the throat of the card acceptance slot. Here's a look at a stealthy new model of insert skimmer pulled from a cash machine in southern Europe just this past week.
October 20, 2014: Spike in Malware Attacks on Aging ATMs…This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad.
November 26, 2014: Skimmer Innovation: ‘Wiretapping' ATMs…Banks in Europe are warning about the emergence of a rare, virtually invisible form of ATM skimmer involving a so-called 'wiretapping' device that is inserted through a tiny hole cut in the cash machine's front. The hole is covered up by a fake decal, and the thieves then use custom-made equipment to attach the device to ATM's internal card reader.
December 9, 2014: More on Wiretapping ATM Skimmers…Last month, this blog featured a story about an innovation in ATM skimming known as wiretapping, which I said involves a 'tiny' hole cut in the ATM's front through which thieves insert devices capable of eavesdropping on and recording the ATM user's card data. Turns out, the holes the crooks make to insert their gear tend to be anything but tiny.
January 6, 2015: Thieves Jackpot ATMs with Black Box Attack…Previous stories on KrebsOnSecurity about ATM skimming attacks have focused on innovative fraud devices made to attach to the outside of compromised ATMs. Security experts are now warning about the emergence of a new class of skimming scams aimed at draining ATM cash deposits via a novel and complex attack.
March 17, 2015: Door Skimmer + Hidden Camera = Profit…If an ATM you'd like to use is enclosed in a vestibule that requires a card swipe at the door, it might be a good idea to go find another machine, or at least use something other than a payment card to gain entry. Thieves frequently add skimmers to these key card locks and then hide cameras above or beside such ATMs, allowing them to steal your PIN and card data without ever actually tampering with the cash machine itself.
April 6, 2015: Hacking ATMS, Literally…Most of the ATM skimming attacks written about on this blog conclude with security personnel intervening before the thieves manage to recover their skimmers along with the stolen card data and PINs. However, an increasingly common form of ATM fraud — physical destruction — costs banks plenty, even when crooks walk away with nothing but bruised egos and sore limbs.
May 4, 2015: Foiling Pump Skimmers with GPS…Credit and debit card skimmers secretly attached to gas pumps are an increasingly common scourge throughout the United States. But the tables can be turned when these fraud devices are discovered, as evidenced by one California police department that has eschewed costly and time-consuming stakeouts in favor of affixing GPS tracking devices to the skimmers and then waiting for thieves to come collect their bounty.
July 22, 2015: Spike in ATM Skimming in Mexico?…Several sources in the financial industry say they are seeing a spike in fraud on customer cards used at ATMs in Mexico. The reason behind that apparent increase hopefully will be fodder for another story. In this post, we'll take a closer look at a pair of ATM skimming devices that were found this month attached to a cash machine in Puerto Vallarta — a popular tourist destination on Mexico's Pacific coast.
Aug. 11, 2015: Chip Card ATM ‘Shimmer' Found in Mexico…Fraud experts in Mexico have discovered an unusual ATM skimming device that can be inserted into the mouth of the cash machine's card acceptance slot and used to read data directly off of chip-enabled credit or debit cards. The device pictured below is a type of skimmer known as a 'shimmer,' so named because it acts a shim that sits between the chip on the card and the chip reader in the ATM — recording the data on the chip as it is read by the ATM. Naturacereal bio chia samen.
Sept. 14, 2015: Tracking a Bluetooth Skimmer Gang in Mexico…Halfway down the southbound four-lane highway from Cancun to the ancient ruins in Tulum, traffic inexplicably slowed to a halt. There was some sort of checkpoint ahead by the Mexican Federal Police. I began to wonder whether it was a good idea to have brought along the ATM skimmer instead of leaving it in the hotel safe. If the cops searched my stuff, how could I explain having ultra-sophisticated Bluetooth ATM skimmer components in my backpack?
Sept. 15, 2015: Tracking Bluetooth Skimmers in Mexico, Part II…I spent four days last week in Mexico, tracking the damage wrought by an organized crime ring that is bribing ATM technicians to place Bluetooth skimmers inside of cash machines in and around the tourist areas of Cancun. Today's piece chronicles the work of this gang in coastal regions farther south, following a trail of hacked ATMs from Playa Del Camen down to the ancient Mayan ruins in Tulum.
Dec. 16, 2015: Skimmers Found at Some Calif., Colo. Safeways…Sources at multiple financial institutions say they are tracking a pattern of fraud indicating that thieves have somehow compromised the credit card terminals at checkout lanes within multiple Safeway stores in California and Colorado. Safeway confirmed it is investigating skimming incidents at several stores.
Feb. 3, 2016: Spike in ATM Skimming in Mexico?…In Dec. 2015, KrebsOnSecurity warned that security experts had discovered skimming devices attached to credit and debit card terminals at self-checkout lanes at Safeway stores in Colorado and possibly other states. Safeway hasn't disclosed what those skimmers looked like, but images from a recent skimming attack allegedly launched against self-checkout shoppers at a Safeway in Maryland offers a closer look at once such device.
Feb. 9, 2016: Skimmers Hijack ATM Network Cables…If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data.
May 5, 2016: Crooks Go Deep With ‘Deep Insert' Skimmers…ATM maker NCR Corp. says it is seeing a rapid rise in reports of what it calls 'deep insert skimmers,' wafer-thin fraud devices made to be hidden inside of the card acceptance slot on a cash machine. KrebsOnSecurity's All About Skimmers series has featured several stories about insert skimmers. But the ATM manufacturer said deep insert skimmers are different from typical insert skimmers because they are placed in various positions within the card reader transport, behind the shutter of a motorized card reader and completely hidden from the consumer at the front of the ATM.
Panda Casino Slots Youtube
May 25, 2016: Skimmers Found at Walmart: A Closer Look…Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations reminds me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals. Much like the skimmers found at some Safeway locations earlier this year, the skimming device pictured below was designed to be installed in the blink of an eye at self-checkout lanes — as in recent incidents at Walmart stores in Fredericksburg, Va. and Fort Wright, Ky. In these attacks, the skimmers were made to piggyback on card readers sold by payment solutions company Ingenico.
June 13, 2016: ATM Insert Skimmers In Action…KrebsOnSecurity has featured several recent posts on 'insert skimmers,' ATM skimming devices made to fit snugly and invisibly inside a cash machine's card acceptance slot. I'm revisiting the subject again because I've recently acquired how-to videos produced by two different insert skimmer peddlers, and these silent movies show a great deal more than words can tell about how insert skimmers do their dirty work.
Slot Wins Today On Youtube
June 24, 2016: How to Spot Ingenico Self-Checkout Skimmers…A KrebsOnSecurity story last month about credit card skimmers found in self-checkout lanes at some Walmart locations got picked up by quite a few publications. Since then I've heard from several readers who work at retailers that use hundreds of thousands of these Ingenico credit card terminals across their stores, and all wanted to know the same thing: How could they tell if their self-checkout lanes were compromised? This post provides a few pointers.