A few years back (Before Chipped Cards), I was repairing an ATM in a very busy tourist area in Ontario, Canada. The call was generated because people were complaining the ATM was prompting them for a a password before they entered their debit card. I’m sorry, If you proceed to use a financial device that seems shady and get ripped off you’re guilt of ignorance. We’ve become too trusting and accustomed to quick payment solutions. It’s your responsibility as a consumer to be vigilant on every transaction. My rant is over..
When I arrived I started my routine inspection of the front fascia. I noticed something wasn’t right with the component that accepts the cards. When I noticed this I felt as if I had won the lottery. My heart was seriously racing. This kind of find in the industry is somewhat rare as the scammers usually are watching and are quick to grab their equipment when the heat is on.
As you can see from the picture above (Please excuse the bad quality), there is something inside of the green card guide, This should be completely empty. Closer inspection revealed a mechanism design to clone your card info and store it on a small piece of RAM. This was powered by a small watch battery. All of which was jammed into the green card guide.
Your card would pass this cloning mechanism first then into the actual card reader. The end user is typically unaware of anything as their transaction would proceed as normal.One major bank has installed jitter units in their ATM’s to prevent this. The card is accepted into the ATM in a stuttering fashion rather that a smooth insertion, causing corrupted data on the skimming device. Even if the bad guys make a clone of your card, It’s pretty much useless without the password. This is where the next device comes into play.
This is the custom camera used to record victims passwords. The camera is a basic SD camera customized to fit a tight space, Right above the keypad. The next time you’re at an ATM look above the screen. Basically at eye level. There is usually a lip which makes the perfect spot for a camera.
They attached the removable panel from the lip onto the camera, drilling a pinhole for the camera optic. This was reinserted into the lip completely unnoticeable. They would then let the camera run and capture the passwords.
View of the battery pack on the camera device.
Side view of the camera device, This shows the SD slot.
Another view of the camera device.
Once the scammers get enough cloned cards gathered, They remove the equipment on the ATM and transfer the information onto blank cards.
Things have changed since this incident with the introduction of Chipped Cards. The chip adds a very secure layer to financial transactions. The most important rule when using any debit device is to cover your pin. Even if your card gets stolen or cloned it’s useless without your code.