ATM skimmers up ante as U.S. drags tail on chip, PIN technology

Summary:ATM skimmers are doing well even though Europe has adopted chip and PIN technology, or EMV. Why? Europe has to be compatible with the U.S., which hasn't adopted EMV.

ATM skimmers have improved to the point where they're smaller, more agile and swiping money from cash machines throughout Europe.

As noted by Brian Krebs, the European ATM Security Team (EAST) has outlined a series of mini fraud devices including a few made to fit cash machines by NCR.

hand atm
Credit: EAST

Some of the ATM skimmers even include hidden cameras to record your PIN input---simply covering your PIN entry with your other hand (right) would improve security greatly.

But the real point here is that these ATM skimmers are doing well even though Europe has adopted chip and PIN technology, or EMV (Eurocard, Mastercard and Visa). Krebs noted:

Unfortunately, the United States is the last of the G-20 nations that has yet to transition to chip & PIN, which means most ATM cards issued in Europe have a magnetic stripe on them for backwards compatibility when customers travel to this country. Naturally, ATM hackers in Europe will ship the stolen card data over to thieves here in the U.S., who then can encode the stolen card data onto fresh (chipless) cards and pull cash out of the machines here and in Latin America.

Research: 41 percent increasing IT security budget in 2014

In other words, the inability of the U.S. to get its butt in gear on chip and PIN technology means ATM crime is being exported.

Of course, the Target breach late in 2013 means chip and PIN will be adopted faster right? After all, even the credit card companies are on board as well as many retailers. I wouldn't count on it.

A funny thing has happened in the last few months. The drumbeat for chip and PIN has gone a bit quiet. Meanwhile, the U.S. sacrificial security lamb---Target---has replaced its CEO. In other words, Target has thrown out the executives responsible when it was hit by its security breach. With an interim CEO on board, does anyone really think Target will continue to be a force for moving chip and PIN technology faster in retail? Let's face it. Target just wants to move on just like the rest of the retail industry.

More:  Target, JC Penney among new ragtag retail cybersecurity team  |  Target CEO departure watershed for IT, business alignment  |  Target names DeRodes CIO; Aims to rebuild security chops

Without a crisis, it's unlikely that the drumbeat for chip and PIN will continue. Next stop: The fancy skimmers outlined by Krebs could lead to a wave of ATM fraud. News stories will follow. Stakeholders will push for faster EMV adoption and then forget once the news cycle plays out. Rinse and repeat and maybe the U.S. fires up EMV technology. Maybe.

Previously:  Target's data breach tab mostly covered by insurance so far  |  How hackers stole millions of credit card records from Target  |  Target hackers hit air-conditioning firm first as a way in  |  Target's data breach: It gets worse  |  Many times bitten, retailers scramble to prevent another Target-like meltdown  |  Visa CEO: We need better security, EMV chips, tokens

Topics: Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.