ATM & ITM Scams: A Guide to Skimming Detection and ATM Safety
Regular monitoring and maintenance of ATMs/ITMs is paramount to the safety of individuals and financial institutions against ATM-based criminal activities, including credit card skimming, theft, and identity fraud. ATM scams are on the rise. In fact, FICO reported a 109% year-over-year increase in ATM fraud between 2022 and 2023.
ATM scams often involve the use of specialized equipment such as hidden cameras, fake card reader installations, PIN PAD overlays, and other specialized technology designed to deceive the user into providing sensitive financial information. Unfortunately, signs of a tampered ATM or ITM machine may be hard to spot for the average unsuspecting consumer, and even many financial professionals.
However, the ATM/ITM experts at Shields Business Solutions know just where to look. This guide is designed to help financial institutions stay ahead of the criminal element by showing common skimming tactics and devices while laying out best practices to protect your ATMs—and your customers—from ATM fraud.
ATM/ITM Skimming
Skimmers are devices that are designed to read card information when a card is inserted into an ATM/ITM card reader. Spy Cameras or PIN pad overlays are often used in conjunction with skimmers to simultaneously record user PINs. These devices work together to steal the data needed to either recreate a fraudulent duplicate card, to make online purchases, or to sell on the dark web (black market internet sites). Most devices are not easily spotted if the user isn’t looking closely or unaware of the threat—however, once you know where to look, they can often be easily spotted with a visual and physical inspection.
There are multiple types of ATM skimmers, but how they can be detected and removed depends on their exact construction. Let’s take a look at a few common types of skimmers.
Fake Bezel Skimmers
With a fake bezel skimmer, the device that contains the skimmer is glued or taped over the real ATM bezel. When looking for one, you may have to pull on the actual bezel to discover this cleverly crafted device. Important considerations to keep in mind:
- Bezel Type skimmers can look factory-real. In the pictures above, you can see how the entire silver portion was recreated by the thief to cover the whole card reader assembly.
- When looking for these skimmers, it’s important to look for little cues—like the shape of the insert area or the misaligned braille sticker to detect a fake.
- You can take a reference picture when installing the ATM to quickly identify the differences later on. Additionally, note that the fake bezel or PIN pad overlay may appear too new or clean.
- Criminals can create a card reader bezel which attaches right over the original bezel. These are designed to look factory-original but contain skimming electronics to read a card as it in inserted. They are usually attached by double-sided tape and will pull off with little effort.
- A spy camera or PIN pad overlay may be also attached somewhere on the terminal to record PIN numbers. More on these later.
Deep Insert Skimmers
Deep Insert Skimmers are a newer, smaller, and harder to detect technology where the miniature skimmer is inserted inside a card reader. They can be found with various designs. Important considerations:
- Deep insert skimmers are a newer, smaller, and harder to detect technology where a miniature skimmer is inserted inside a card reader. They can be found with various designs. Important considerations to keep in mind:
- Deep insert skimmers are typically inserted and removed with a specialized tool. A technician may be required to remove if one is found or suspected.
- Many deep insert skimmers will not have a tab that is visible on the outside of a card reader.
- A tell-tale sign that a skimmer is inserted is if an inserted card is hard to insert and to pull back out. The skimmer, which takes up space within the card reader, may cause friction when inserting and pulling out the user’s card.
- During inspection, carefully check the interior of the slot for a thin metal or plastic skimmer device, using a flashlight. A quick visual inspection should reveal this insert style skimmer.
Deep insert skimmers may also be available as miniature insert skimmers. They can be the size of the one featured below or even smaller.
- Deep Insert Skimmers will not have the tab that would show on the outside of a card reader.
- Additional friction while inserting or pulling a card out of the reader may be a sign there is a deep insert skimmer.
ATM/ITM Spy Cameras
Spy cameras offer financial scam artists an opportunity to discreetly eavesdrop on a consumer’s ATM transaction, capturing all-import PINs, credit card numbers, bank account data, and other sensitive info—all without the customer’s knowledge. Cameras may be installed on various parts of the machine, and often criminals may install more than one camera to capture different angles and types of information.
Spy Camera Hidden in a Fake Brochure Holder
This older technique, where a spy camera is inserted into a fake brochure holder and mounted in view of the PIN pad, is still used today. Here are a few considerations to keep in mind about spy cameras:
- They are usually held in place with double-sided tape.
- You can also take and refer to reference pictures to help locate spy cameras and other illegal additions.
- Even if the brochures inside are legitimate, the holder itself may not be.
- Spy cameras can be as small as a dime and the lenses are smaller than a pencil eraser.
Pin-Hole Spy Camera
Pin-hole spy cameras are wedged into the upper fascia looking down onto the PIN pad and are designed to record a user’s PIN as it is entered. They can also be exceptionally difficult to detect.
PIN-Pad Overlays
These replica devices often look factory-real and rest atop the authentic PIN-pad of the ATM or ITM machine. The overlay records keys strokes and is difficult to spot.
Some important factors to note:
- Careful inspection should reveal the function keys look different from other keys, and numbers and characters may not look the same as the original keypad.
- Look for a raised PIN pad that is no longer flush with the PIN pad surround.
- Inspect for a skimmer if an PIN pad Overlay is discovered, as these are often used together.
- Retail point-of-sale units are also subject to overlays.
Shimmers – ATM/ITM Scams that Capture Cards
Unlike skimmers, shimmers capture debit or credit cards when they are inserted into the ATM or ITM, allowing criminals to trap the actual card. They are often used in conjunction with a spy camera or a thief who is lurking in the area and can view the PIN pad from a short distance—or is using a telephoto lens camera. Here are a few other considerations about shimmers:
- The card will be captured as soon as it is inserted. However, the consumer may be able to complete a transaction and put in their PIN before noticing. They will be unable to get their card back out once the transaction is complete.
- The thief retrieves the card using a special tool and can then use the card or sell the card’s information.
- Staff can complete a test card insertion into the card reader during the daily inspection to check for shimmers or deep insert skimmers.
How to Prevent ATM Skimming with NCR Activate Enterprise Software
The anti-fraud technologies offered by NCR Activate Enterprise ATM and ITM software can provide additional security protections for your ATM fleet that can decrease fraud by speeding up detection and securing compromised ATMs—before customers fall victim.
NCR Activate Enterprise skimming detection software uses sensors within the card reader to detect skimmers, including deep insert skimmers. After detection, the software will send out alerts instantly to your financial institution, allowing you to stop thieves in their tracks and effectively protect your customers from ATM skimmer fraud.
Combat ATM Logical Attacks with NCR Activate Enterprise Security Software
In addition to skimming fraud, NCR Activate Enterprise software can also protect ATMs from logical attacks. These include:
- Malware attacks that lead to jackpotting
- Blackbox attacks that cause unauthorized cash dispensing
- Network or man-in-the-middle attacks that can alter transactions or create unauthorized transactions
How can NCR protect ATMs and the currency and data held within? Through hard disk encryption, Activate Enterprise software can safeguard data found on the ATM’s hard disk—whether the ATM is online or offline. And, with built-in OS hardening protocols, the software can trigger the complete lock down of the ATM’s operating system when under threat, preventing further criminal activity.
Best Practices for ATM & ITM Safety
In addition to utilizing the latest ATM software to enhance security, there are other things you can do to decrease the likelihood of ATM/ITM tampering:
- Create a training program for your ATM / ITM fleet and stay diligent with inspections.
- Take good-quality reference photos of your ATM/ITM that include close-ups of the card reader and PIN pads and print these pictures to use as a reference when inspecting terminals.
- Visually and physically inspect all of your terminals twice a day or as soon as a complaint is filed or suspicious activity is noticed or reported.
- Take steps to ensure your ATM/ITM is not seen as a “soft” or “easy” target for criminals. Soft targets are locations where machines are out of public view—in low traffic areas, low-light areas, or locations where security cameras could be covered, smeared, or tampered with.
- Have multiple hidden cameras that can capture high, middle, and low angles for the best pictures of any perpetrators.
What to Do if You Suspect a Skimmer, Shimmer, or Spy Camera on Your ATM/ITM Machine
If you suspect your terminal has a skimmer, shimmer, or spy camera, call your local law enforcement, the Secret Service, or a trusted technician. Keep watch on the unit, close off the machine or power it down, and do not remove the skimmer, camera or PIN pad overlay.
To assist law enforcement, you can check for suspicious people in view of the terminal—but always vacate the area if you feel unsafe. Allow technicians or authorities to remove the fraudulent devices to preserve and collect forensic evidence and information.
Shields Business Solutions is Standing by for All Your ATM & ITM Needs!
As a regional expert in ATM and Cash Management, we work hard to offer professional and expert service to financial institutions up and down the Mid-Atlantic Coast, from Harrisburg, Allentown, Bethlehem, Wilkes-Barre, and Greater Philadelphia in Pennsylvania to the NYC boroughs, Long Island, and Suffolk County in New York—as well as New Jersey and Delaware.
If you have questions about ATM tampering or security, contact us for an appointment to learn more about NCR Atleos Software and our robust and secure management solutions for ATM & ITM terminals
Disclaimer: This guide is for training purposes and offers basic guidance. It is not legal advice but includes images and information that is readily available on the web. New skimming devices and techniques are being continually developed and continuous countermeasures and training are required to stay vigilant to protect FIs and consumers. Feel free to use this guide as a starting point for your own anti-skimming training program.