ATM skimmers up ante as U.S. drags tail on chip, PIN technology
ATM skimmers have improved to the point where they're smaller, more agile and swiping money from cash machines throughout Europe.
As noted by Brian Krebs, the European ATM Security Team (EAST) has outlined a series of mini fraud devices including a few made to fit cash machines by NCR.
Some of the ATM skimmers even include hidden cameras to record your PIN input---simply covering your PIN entry with your other hand (right) would improve security greatly.
But the real point here is that these ATM skimmers are doing well even though Europe has adopted chip and PIN technology, or EMV (Eurocard, Mastercard and Visa). Krebs noted:
Unfortunately, the United States is the last of the G-20 nations that has yet to transition to chip & PIN, which means most ATM cards issued in Europe have a magnetic stripe on them for backwards compatibility when customers travel to this country. Naturally, ATM hackers in Europe will ship the stolen card data over to thieves here in the U.S., who then can encode the stolen card data onto fresh (chipless) cards and pull cash out of the machines here and in Latin America.
In other words, the inability of the U.S. to get its butt in gear on chip and PIN technology means ATM crime is being exported.
Of course, the Target breach late in 2013 means chip and PIN will be adopted faster right? After all, even the credit card companies are on board as well as many retailers. I wouldn't count on it.
A funny thing has happened in the last few months. The drumbeat for chip and PIN has gone a bit quiet. Meanwhile, the U.S. sacrificial security lamb---Target---has replaced its CEO. In other words, Target has thrown out the executives responsible when it was hit by its security breach. With an interim CEO on board, does anyone really think Target will continue to be a force for moving chip and PIN technology faster in retail? Let's face it. Target just wants to move on just like the rest of the retail industry.
More: Target, JC Penney among new ragtag retail cybersecurity team | Target CEO departure watershed for IT, business alignment | Target names DeRodes CIO; Aims to rebuild security chops
Without a crisis, it's unlikely that the drumbeat for chip and PIN will continue. Next stop: The fancy skimmers outlined by Krebs could lead to a wave of ATM fraud. News stories will follow. Stakeholders will push for faster EMV adoption and then forget once the news cycle plays out. Rinse and repeat and maybe the U.S. fires up EMV technology. Maybe.
Previously: Target's data breach tab mostly covered by insurance so far | How hackers stole millions of credit card records from Target | Target hackers hit air-conditioning firm first as a way in | Target's data breach: It gets worse | Many times bitten, retailers scramble to prevent another Target-like meltdown | Visa CEO: We need better security, EMV chips, tokens