Credit Card skimmers are devices added to Credit Card readers that allow malicious types to read the magnetic stripe on a users card as well as record their keystrokes to get the PIN.
Someone finally came up with a card that can be inserted into a suspect reader - it will detect if there are more than one read heads. From the 2018 Usenix Security Symposium:
Fear the Reaper: Characterization and Fast Detection of Card Skimmers
Payment card fraud results in billions of dollars in losses annually. Adversaries increasingly acquire card data using skimmers, which are attached to legitimate payment devices including point of sale terminals, gas pumps, and ATMs. Detecting such devices can be difficult, and while many experts offer advice in doing so, there exists no large-scale characterization of skimmer technology to support such defenses. In this paper, we perform the first such study based on skimmers recovered by the NYPD's Financial Crimes Task Force over a 16 month period. After systematizing these devices, we develop the Skim Reaper, a detector which takes advantage of the physical properties and constraints necessary for many skimmers to steal card data. Our analysis shows the Skim Reaper effectively detects 100% of devices supplied by the NYPD. In so doing, we provide the first robust and portable mechanism for detecting card skimmers.
The paper goes in to a lot of detail - a very elegant hack to cure a very serious problem.
Leave a comment