Detecting Credit Card Skimmers
Interesting research paper: “Fear the Reaper: Characterization and Fast Detection of Card Skimmers“:
Abstract: Payment card fraud results in billions of dollars in losses annually. Adversaries increasingly acquire card data using skimmers, which are attached to legitimate payment devices including point of sale terminals, gas pumps, and ATMs. Detecting such devices can be difficult, and while many experts offer advice in doing so, there exists no large-scale characterization of skimmer technology to support such defenses. In this paper, we perform the first such study based on skimmers recovered by the NYPD’s Financial Crimes Task Force over a 16 month period. After systematizing these devices, we develop the Skim Reaper, a detector which takes advantage of the physical properties and constraints necessary for many skimmers to steal card data. Our analysis shows the Skim Reaper effectively detects 100% of devices supplied by the NYPD. In so doing, we provide the first robust and portable mechanism for detecting card skimmers.
Boing Boing post.
Clive Robinson • October 5, 2018 9:22 AM
When I read the paper a while ago I found it interesting.
However whilst it was 100% effective, the opponent is dynamic intelligent and frequently well funded. Which makes me think they will not just try but find methods to subvert it. Because that is the nature of high stakes cat and mouse games.
That’s not because I think the work was inadiquate I don’t it’s just that smart well resourced people can be quite ingenious, and there are a lot more attackers than there are defenders.
Cash machines like most locks are actually “mechanical devices” at heart, and it’s a weak heart at best.
I’ve explained before that for reliability in all climbs and to stop “bind” the designers add in “slop” into designes. Unfortunatly that leaves “wriggle room” for others to play in, and they have and will where possible continue to do so.