This week, Global ATM manufacturer NCR Corp issued an alert about card reader eavesdropping attacks, which was first identified in Europe last year and are spreading now across the world. These attacks involve accessing or opening the top of an ATM’s enclosure, where the card reader is housed, and attaching a so-called wiretapping or eavesdropping device to the reader. The attackers’ device captures card data as it is transmitted from the card reader to the ATM.
Earlier attacks, which were targeting through-the-wall ATMs typically installed right outside a bank branch, involved drilling a hole or cutting into the ATM’s enclosure to insert and attach the device to the card reader.
Now, however, NCR says fraudsters have changed their technique by targeting stand-alone, lobby-style ATMs, which are commonly placed in retail locations, and opening ATM enclosures either by picking the physical locks or opening the machines with commonly used electronic access keys or codes.
An electronic data tapping and storage device similar to those seen in other eavesdropping attacks is then attached directly to the card reader. Unlike eavesdropping attacks carried out by drilling a hole in the ATM fascia (which is then disguised with a sticker or other cover) this version leaves no visible trace of the breach on the exterior of the ATM, the alert said.
It’s far too common for banks to continue to use the default electronic access keys or codes programmed by the original equipment manufacturer before ATMs are shipped out. And these codes often are universal, such as 1234, especially for certain makes and models.
“If merchants, or other off-premises ATM deployers, fail to change default keys or codes, they’re leaving themselves open to attack.”
Thus, if banks and merchants don’t change these codes when they install and deploy their ATMs, they leave themselves open to easy attack, because criminals can readily find these default codes on the Internet, in underground forums or even product or repair forums.
How it works?
Eavesdropping involves the interception of card data while it’s in transit, not skimming data from a magnetic-stripe as the card is inserted into the ATM. That makes these attacks tricky to detect and thwart, because it bypasses anti-skimming technology ATM manufacturers have for years pushed out to the market, Wild says.
But some anti-skimming solutions that alert banks or merchants when ATM enclosures are opened would at least raise a flag that something is amiss. Still, eavesdropping attacks are just another example of how fraudsters are constantly perfecting their techniques. “There is never going to be a single solution that stops everything,” Wild says.
Earlier attacks, which were targeting through-the-wall ATMs typically installed right outside a bank branch, involved drilling a hole or cutting into the ATM’s enclosure to insert and attach the device to the card reader.
Now, however, NCR says fraudsters have changed their technique by targeting stand-alone, lobby-style ATMs, which are commonly placed in retail locations, and opening ATM enclosures either by picking the physical locks or opening the machines with commonly used electronic access keys or codes.
An electronic data tapping and storage device similar to those seen in other eavesdropping attacks is then attached directly to the card reader. Unlike eavesdropping attacks carried out by drilling a hole in the ATM fascia (which is then disguised with a sticker or other cover) this version leaves no visible trace of the breach on the exterior of the ATM, the alert said.
It’s far too common for banks to continue to use the default electronic access keys or codes programmed by the original equipment manufacturer before ATMs are shipped out. And these codes often are universal, such as 1234, especially for certain makes and models.
“If merchants, or other off-premises ATM deployers, fail to change default keys or codes, they’re leaving themselves open to attack.”
Thus, if banks and merchants don’t change these codes when they install and deploy their ATMs, they leave themselves open to easy attack, because criminals can readily find these default codes on the Internet, in underground forums or even product or repair forums.
How it works?
Eavesdropping involves the interception of card data while it’s in transit, not skimming data from a magnetic-stripe as the card is inserted into the ATM. That makes these attacks tricky to detect and thwart, because it bypasses anti-skimming technology ATM manufacturers have for years pushed out to the market, Wild says.
But some anti-skimming solutions that alert banks or merchants when ATM enclosures are opened would at least raise a flag that something is amiss. Still, eavesdropping attacks are just another example of how fraudsters are constantly perfecting their techniques. “There is never going to be a single solution that stops everything,” Wild says.
