A recent post on KrebsOnSecurity.com includes two instructional videos on ATM deep insert skimmers. These “how-to” videos were produced by those selling the skimming devices and show how to install the skimmers onto ATMs, how they work, and how they can be removed. Read more.
Last month, NCR issued an alert in response to a sudden increase of deep insert skimming attacks on all ATM manufacturers and reader types in several countries, including the U.S. Per the alert:
- These are different from typical insert skimmers in that the deep insert skimmers are placed in various positions within the card reader transport, behind the shutter of a motorized card reader and completely hidden from the consumer at the front of the ATM.
- Since the device sits well inside the card reader, away from skimming detectors or jammers, they are unlikely to be affected by most active anti-skimming jamming solutions. They are also unlikely to be detected by most fraudulent device detection solutions.
- NCR has developed a response to this attack, in the form of a modification to the card reader firmware. The firmware is designed to detect the insertion of the device, regardless of form factor.