Intel From The Field

The European ATM Security Team (E.A.S.T.) recently published its second European Fraud Update of 2014, covering ATM and other terminal fraud trends. EAST is a regional industry organization whose members are committed to sharing information about ATM attacks.

Members reported ATM card skimming attacks in 18 European countries. Obviously, ATM skimming is still a widespread problem with many actors actively engaged in these crimes. Also, it illustrates that skimming continues to be an issue in areas where EMV is deployed due to cross border fraud opportunities.

An anecdotal data point from the report is members have seen skimmers left in place for longer periods of time than usual, in the range of 4-5 days. This underscores the need for detection and indicates that operators need a detection process that examines ATMs on a frequent basis for signs of compromise. Fortunately, there is a solution that takes less than a minute to examine an ATM for signs of compromise.

Members also reported skimming attacks in 12 counties involving petroleum dispensers or other unattended POS devices. Again, any device in an unattended location needs to be watched more carefully for signs of compromise. Finally, a member reported seeing the use of “ghost terminals” in their region, where criminals substitute POS devices with modified devices that can capture card data. Substitute terminals may be harder to detect with visual inspection, but an inventory management system (such as that offered by Termtegrity SpotSkim) checks against barcodes and serial numbers to definitively detect substitution.

It’s essential for anyone operating payment acceptance devices to keep up to date with trends and intelligence on attackers like this notice delivered by EAST. The Termtegrity twitter feed provides links to news stories daily about skimming attacks worldwide.