ATM Shimmer Devices May Crack EMV Cards
A new ATM skimming device has surfaced that is able to record the data on EMV cards as they’re read by ATMs, according to a report by security expert Brian Krebs.
The device, called a “shimmer,” is apparently inserted into the mouth of the ATM’s card acceptance slot and sits between the card’s chip and the ATM’s chip reader. Fraud experts in Mexico discovered one on a Diebold Opteva 520 with a chip reader, according to the report, which was published on KrebsOnSecurity.com.
The chips on many EMV cards contain a security component called an integrated circuit card verification value (iCVV), which protects against copying magnetic stripe data from the chip. However, thieves may have devised a workaround.
“Banks can run a simple check to see if any card inserted into an ATM is a counterfeit magnetic stripe card that is encoded with data stolen from a chip card,” Krebs reported. “But there may be some instances in which banks are doing this checking incorrectly or not at all during some periods, and experts say the thieves have figured out which ATMs will accept magnetic stripe cards that are cloned from chip cards.”
The news comes after credit scoring and analytics firm FICO reported that between Jan. 1 and April 9, 2015, the number of attacks on debit cards used at ATMs reached the highest level for that period in at least 20 years.
Debit card compromises at ATMs on financial institution property rose by 174% from Jan. 1 to April 9, compared to the same period last year, and successful attacks at nonbank machines spiked by 317%, according to FICO.
Diebold did not immediately respond to CU Times’ request for comment.