That didn’t take long. An ATM security firm recovered a device from a Diebold ATM in Mexico designed to record data exchanged between the chip in a debit card and the chip reader in an ATM, according to a report by Brian Krebs of the Krebs on Security blog.
They’re calling it a “shimming” device because it actually fits within the ATM slot itself, placing a super thin data reader between where the chip in a debit card would rest and the chip reader.
Why you should care
Chip debit cards have been touted as an upgrade over easily counterfeited magnetic-stripe cards, and it’s true that it would probably be next to impossible for a criminal to mint a counterfeit chip card using data stolen in this way.
But it’s possible a thief could take the information captured from the device and use it to print a magnetic-stripe card that could then be used at lower-security ATMs, Krebs writes. While there are some safeguards in place to avoid this exact kind of attack, involving the difference between the Card Verification Value, or CVV, number encoded in a magnetic stripe and the one encoded on a chip, some banks may not yet take advantage of that security feature.
For some cool pictures of the device, check out Krebs’ blog.
What do you think? Do you ever worry you’ll fall victim to ATM skimming attacks? Have you ever?
1 more thing
This latest bit of news offers a big lesson: Crooks will go to great lengths to try to steal, which means consumers need to be vigilant. That includes routinely checking your credit report to ensure no one is opening up new lines in your name. Check your report for free at myBankrate.
Follow me on Twitter: @claesbell.