Danish ATM-Card Skimming

Criminals are breaking into stores and pretending to ransack them, as a cover for installing ATM skimming hardware, complete with a transmitter.

Note the last paragraph of the story -- it's in Danish, sorry -- where the company admits that this is the fourth attempt they know of criminals installing reader equipment inside ATM terminals for the purpose of skimming numbers and PINs.

Tags: ATMs, crime, Denmark, fraud, PINs, skimmers

Posted on March 9, 2006 at 1:40 PM • 17 Comments

Comments

Homeland Stupidity • March 9, 2006 1:53 PM

http://www.msnbc.msn.com/id/11731365/

They don't even need PINs anymore, now that they can just break into the retailer's point of sale systems and download hundreds or thousands of them all at once.

moz • March 9, 2006 2:12 PM

It's hardly sensible compared to what has been done to ATMs in Poland

http://www.policja.katowice.pl/bankomaty.htm

Why risk a break in??!!?? Adrenalin rush?

Raindeer • March 9, 2006 2:45 PM

This has been a problem in The Netherlands a couple of years ago. Putting new plastic slots on it, basically killed of the skimming. Heck, it was a CSI show. So a bank claiming it is only the fourth one, is not too smart.

1915bond • March 9, 2006 2:52 PM

Considering the huge investment in data mining operations coming from Eastern Europe, I'd suspect much of the compromised accounts are from r00ted joes and janes who bill-pay and bank online.

1915bond • March 9, 2006 3:15 PM

I should have included this link:
http://www.infoworld.com/article/06/03/03/75970_10OPsecadvise_1.html

Just one way (and quite ingenious) of lifting data from everyman.

Kirit • March 9, 2006 10:12 PM

The last paragraph says: "IT/Communications consultant Søren Winge from PBS tells us his company currently knows of four examples where criminals have attempted to install card reading hardware in ATMs to try to gain customer's card details."

drac • March 9, 2006 10:54 PM

All these attacks on credit cards are because the current security standards are year out of date. Only a move to full smart card support will reduce the risk of fraud via technical hacks leaving the old faithfull social engineering

Erik N • March 10, 2006 2:59 AM

I recall this is not the first such story in Denmark. Only that previously there were no transmitter. Instead the criminals would break in again later to steal the terminals to get the data.

I have no reference for this though (and anyway it would be in danish).

Erik N • March 10, 2006 3:05 AM

Not in the news: The banks in Denmark issue chipcards as of more than a year ago, they still have the magnetic code also for backwards compatibility, and the new terminals also have magnetic code readers as well.

The mentioned attack attacks the magnetic code so this may push for faster enrolment of chip readers.

Dimitris Andrakakis • March 10, 2006 3:52 AM

Criminals here (in Greece) have a simpler way of doing bussiness:

They install tiny cameras above or near the ATMs. The vast majority of the people don't cover the keypad when entering the PIN, so the criminals get to record it. The account balance is also recorded if requested.

The victim is robbed shortly after the ATM transaction, usually by a couple of men riding a motorcycle. With the ATM card in hand, the crinimals go right away to an ATM, make the largest withdrawal they can (for most banks its €900 to €1200) and dispose the card immediately after that.

Beaufour • March 10, 2006 5:43 AM

moz: The "install fake keypads and readers on top of the ATMs" happened in Denmark too a while ago.

Akos • March 10, 2006 5:44 AM

In Hungary some fraudsters put a sticker onto the ATM with a nearby payphone number as the contact phone number for the bank, and made the ATM (half)swalow the card.
When the card didn't come back the victim called the number they believed to be the bank's and to identify themself they were asked the PIN.
Then they were told not to worry and that they can have the card back the next day in their bank.
After the victim had gone the fraudsters retrieved the card and used the PIN to withdraw as much money as they could.

Caught on tape! • March 10, 2006 2:08 PM

I know you don't like video surveillance systems, but in this situation, a video surveillance system could catch the ATM-skimming-installation activity of the criminals.

The criminals could theoretically disable the surveillance system, but that's another addition to their breakin plan, and not necessarily an easy thing to do, and may provide a deterrent, influencing them to strike elsewhere.

nantucket • March 14, 2006 4:49 PM

Remember money is a fictional abstract concept used as a base of exchange for goods and services.

The more fictional and abstract the money becomes, the less meaningful theft becomes.

nantucket

Peter the Painter • March 16, 2006 2:56 AM

I don't this would be worth doing in the UK as we now have C&P universally. Correct me if I am wrong.

Peter the Painter • March 16, 2006 2:57 AM

SORRY
I don't think this would be worth doing in the UK as we now have C&P universally. Correct me if I am wrong.

Dyslexia rules, KO.

KobusP • June 6, 2006 7:09 AM

Soon physical credit cards will be something of the past, have a look at www.unetan.com

Name (required):

E-mail Address:

URL:

Fill in the blank: the name of this blog is Schneier on ___________ (required):

Comments:

Allowed HTML: <a href="URL"> • <cite> • • • <ul> <ol> <li> • <blockquote> <pre>

← Data Mining for Terrorists More on the ATM-Card Class Break →

Sidebar photo of Bruce Schneier by Joe MacInnis.

Danish ATM-Card Skimming

Comments

Leave a comment