Criminals are getting more and more sophisticated with their modus these days, targeting their hapless victims with gadgets that are increasingly high-tech. This was revealed when ATM hackers in Mexico were discovered to be using an extremely thin card data gathering system called "shimmer" in a report by Krebs On Security Wednesday.
Experts found that the skimming device is inserted into an ATM card slot where it reads and records the data of another inserted card through its built-in chip. The unobtrusive device acts as a shim between the card and the ATM chip reader, hence, the name. The technology is impressive because it does not hamper the ATM machine's chip reading process.
"Cards equipped with a computer chip are more secure than cards which rely solely on magnetic stripes to store account data. Although the data that is typically stored on a card's magnetic stripe is replicated inside the chip on chip-enabled cards, the chip contains additional security components not found on a magnetic stripe," according to Krebs On Security.
However, the stolen information collected by the hackers through "shimmer" allows them not just to retrieve data, but replicate both the ATM card chip and the magnetic strip, reported Techcrunch. The hackers achieve this by circumventing the integrated card verification mechanism, which protects cards from counterfeiting. The ATM clone is then used to successfully withdraw cash from the ATM machine.
It appears that hackers target banks that do not religiously check their ATM machines for card skimming devices. Krebs On Security also noted that these banks could overlook withdrawals using clone ATM cards because of its thinness and location.
It is not clear from the early reports on the "shimmer" scheme which Mexican banks are affected or whether the technology is already exported to other countries. Banks are yet to respond to this new threat, so ATM users should exercise caution with their withdrawals.