Momma always told you to be careful at ATMs, so you hide your PIN from strangers and use the machines in a well-lighted area. But what if the machine itself is stealing your information?
A gang of high-tech thieves has allegedly been traveling up and down Florida's east coast, hacking those "Presto!" ATMs outside Publix stores to steal your card number and PIN. A regular-looking schlub in shorts and a Marlins cap (of course) showed up on video cameras, looking over his shoulder as he tampered with the device for around two minutes, then left it to his victims.
Fort Lauderdale police won't say how the "skimming" devices worked, because they don't want to educate wannabe thieves. But the world of skimming is a complicated, high-tech place.
Essentially, a skimmer device has two parts: a magnetic reader that overlays the one used by the ATM, to simultaneously capture your card number as you swipe the card. Then there's a device to steal your PIN, which usually works in one of three ways: a pinhole camera spies on the keypad; an infrared camera captures a "heat map" showing which keys are warm from being pressed (the coldest ones were pressed first); or even a keypad "overlay" that looks like the real thing and captures each press. The electronics are usually hidden in the card-reader section of the device, and a pinhole camera is usually included in that as well.
So what type of electronics did the Publix thieves use? Not so fast, Sparky. "Releasing that information would potentially educate the suspects or wanna-be suspects," says DeAnna Garcia of the Fort Lauderdale Police Department. So the place to go for skimming information seems to be Brian Krebs, a former Washington Post reporter who now runs the blog krebsonsecurity.com.
He reveals a criminal underworld in which rogue experts sell full skimming kits through scammer forums and IRC chat, thieves use custom-manufactured readers made by 3-D printers, and ball-shaped cameras stuck like fungus in the upper corner of ATMs record your fingers' every move.