HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
This seems like a simple yet effective way of beating card skimmers. At least until the crooks find a new way to steal your money.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
How Do You Stop an ATM Skimmer?
- Thread starter HardOCP News
- Start date
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
And by the end of the day...all skimmer hardware will be redesigned.
Oh and, your bank will up their ATM fees to make you pay for the new hardware.
Oh and, your bank will up their ATM fees to make you pay for the new hardware.
TwistedAegis
[H]F Junkie
- Joined
- Oct 7, 2009
- Messages
- 8,958
Or, you know, just move to chip and PIN. 
But interesting idea nonetheless; the biggest issue I see is mechanical failure due to increased complexity of the reader.
But interesting idea nonetheless; the biggest issue I see is mechanical failure due to increased complexity of the reader.The issue is a read head on the skimmer passing over the magnetic strip of your card. It doesn't matter what orientation the card is in. I'm pretty sure my old 1980s cassette deck used to read tapes no matter it's orientation.
temujin987
[H]ard|Gawd
- Joined
- Jun 24, 2008
- Messages
- 1,351
how about removing that magnetic stripe? does it have any use except for some ancient atm in zimbabwe that doesn't use the chip on the card? why do we still use such old technology if we already have something much more secure?
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
Because magnetic readers are fucking everywhere. And no business anywhere wants to spend money to replace hardware, especially where compatibility is concerned and the hardware still works.
TwistedAegis
[H]F Junkie
- Joined
- Oct 7, 2009
- Messages
- 8,958
It's out there, but it's estimated to cost merchants in the US something like $10B to upgrade their old readers. In a low margin retail business...
It makes sense to me to have the credit card companies foot the bill.
An easier fix would be to require all cards to have a pin assigned, not just when being used as debit.
$10B is a big number for sure... but how much would that be for EACH retailer?
They certainly spent money to install card readers in the first place... but they never thought they'd need an upgrade in the future?
I'm 37 years old. I remember old-fashioned cash registers... the addition of barcode scanners... and the first generation credit card readers. There's been quite a progression in the retail space. Did stores pay for that hardware?
So why not newer chip-n-pin card readers?
If no retailer ever spent money on upgraded hardware... we'd still be using these:
lOSBRzdttUFOQ~~60_35.JPG)
Clearly they saw the benefits of moving past this ancient hardware... so I'm curious as to why they's stop before the next-generation of hardware.
I get it... it's expensive. But so was the last few decades of retail hardware.
zerodamage
Limp Gawd
- Joined
- May 18, 2007
- Messages
- 171
I just check every ATM machine I put my card into. I tug and pull on the reader to make sure it stays in place and if it is legit, it will not move.
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
Because the current stuff works. Same reason you have companies still running WindowsXP...hell the same reason all ATMs themselves still use WinXP.
These days the retail sector is blowing chunk with online purchases as opposed to yester year. Which means there's even less desire to want to replace functioning hardware when there's no standardized move by VISA or MasterCard or anyone to go chipped. AFAIK no one is even talking about it.
Fraud is built in. I'm already paying for it, from a consumer standpoint I don't care, do whatever you want. I'm going to swipe it the same anyway.
No liability, overnight replacement card, meh. I have no incentive to care. Retailers do what you want.
No liability, overnight replacement card, meh. I have no incentive to care. Retailers do what you want.
There are some places that have already upgraded to newer chip-n-pin card readers. They obviously weren't using those same machines 10 years ago.
What made them upgrade?
Guys in stripper bars?
- Joined
- Jun 6, 2000
- Messages
- 6,254
chip and pin is coming. The company I work for is currently migrating our older readers to ones with C&P.. This was due to Mastercard and Visa shifting liability over from card issuers to the merchant with non-emv capable readers a while back.
more info..
more info..
They somehow managed in Europe and Canada though. It was no less expensive for merchants, but we found a way. Course, you guys still haven't bit the bullet and moved to the metric system either, which was also expensive for us to do, but we still did. Quit being so damn cheap America!
Im going to guess that the guys saying that the magnetic strip isnt necessary are not from the US. Here in the uk weve been using chip and pin for ages, by the time america adopts it we will probably be using retina scanners or some such future tech.
America just needs to get with the times, no excuses. Ive never used the strip on my card im not even sure why its there tbh.
America just needs to get with the times, no excuses. Ive never used the strip on my card im not even sure why its there tbh.
Automaticman
n00b
- Joined
- Apr 5, 2013
- Messages
- 40
I read about this when it was announced not too long ago and have already had one card upgraded with a chip. Still have yet to use it though. I'm pretty sure it's all in response to the Target stolen credit card info snafu a while back.
I'm actually not very familiar with chip and pin. What makes C&P invulnerable to skimmers in a way that stripe and pin is not? Are chip skimmers not possible? I'm guessing there has to be some sort of encryption / remote authentication involved.
rat
Supreme [H]ardness
- Joined
- Apr 16, 2008
- Messages
- 4,915
For as long as the cost of fraud is less than the cost of upgrading the machines, the machines will not get upgraded unless they have no other choice.
Free market, man. Companies collude.
I still can't believe you guys still use the magnetic stripe cards. Us Canadians switched to chip and pin years ago and we were still one of the last places on earth to switch. I think it's just the US and Ethiopia left now.
P.S. How the hell does reading the cards sideways really help anything. They can just build a skimmer that reads the cards sideways (yes I am aware this is a lot more complex and might require several sets of contacts). Security by obscurity is never the answer.
P.S. How the hell does reading the cards sideways really help anything. They can just build a skimmer that reads the cards sideways (yes I am aware this is a lot more complex and might require several sets of contacts). Security by obscurity is never the answer.
motomonkey
[H]ard|Gawd
- Joined
- Jan 17, 2009
- Messages
- 1,490
They started teaching Kids the metric system back in the 70's in this country in some places, I remember it. I thought, "cool! just move the decimal place!" yeah, and we even had the same road signs as Europe for a while too, but then for whatever weird reason, the push to go metric just sort of faded away.
Either that, or consumer confidence in credit card transactions continue to erode....in a low margin retail business.
why can't we just login with our username/pw at an ATM? Just send an update to whatever application is running on there and call it a day. Just put an onscreen keyboard on there for the login. done. no more need for cards.
of course people could put cameras in there to record what people type but... that would be pretty tedious to try to decipher.
of course people could put cameras in there to record what people type but... that would be pretty tedious to try to decipher.
NickJames
Supreme [H]ardness
- Joined
- Apr 28, 2009
- Messages
- 6,698
It costs anywhere between $200-300 to upgrade retailers to new NFC payment systems. Unfortunately most small businesses don't even know how to operate them or have it disabled or it broke. Needs a few more years to iron out the bugs.
- Joined
- Jun 6, 2000
- Messages
- 6,254
We actually just went through some webinars with Verifone discussing EMV/c&p and migration/advantages/liabilities etc. Here is a link to the PDF they provided.
on a side note we had Ingenico 3070's pulled from the PCI list. Something our merchants said has never happened before. It took a while to find out why but it was due to skimmers being used in Brazil on them. They were pulled once it was found out that they were modified relatively easily.
Last edited:
It's because 90% of the population here in the US seems to have a arithmophobia. The only numbers they deal with are the time of day, prices they pay and speed limits they fail to obey.
The majority of people in technical fields use metric units and are perfectly comfortable with them. Excluding construction...don't even get me started on what numbers mean to builders.
TwistedAegis
[H]F Junkie
- Joined
- Oct 7, 2009
- Messages
- 8,958
Hey, you're preaching to the choir. I'm in fraud and am 100% in moving to this standard sooner rather than later. But that's just the reality of the pushback, and 10s of thousands of small merchants (and their lobbying groups) make a hell of a lot of noise.
And while I have no sympathy for the Targets and Walmarts, I can definitely feel for a mom and pop shop barely scraping by needing to drop several hundreds of dollars in equipment upgrades.
Magnetik beat me to it; the CC companies aren't going to pay for it, are you kidding me? They're pushing the liability onto the merchants if they don't switch.
That being said, aren't we not even moving to chip and PIN, but a watered down version, chip and sig?
If anything, consumers don't care too much because the banks pay for it. So while it sucks at first, most don't feel the true pain of the loss. Credit/debit card transaction volume continues to grow quickly YOY.
Who was it said 10B was big money?
In the world of business, 10B is chump change. Back in like 2003 or so, the IRS levied a 1Billion Dollar increase to Simantec's Taxes for undervalued intellectual property transfer between the US and Europe.
that was a 1 Billion Dollar increase in their taxes for the year, it's nothing, it's chump change when you are talking about businesses as a whole.
In the world of business, 10B is chump change. Back in like 2003 or so, the IRS levied a 1Billion Dollar increase to Simantec's Taxes for undervalued intellectual property transfer between the US and Europe.
that was a 1 Billion Dollar increase in their taxes for the year, it's nothing, it's chump change when you are talking about businesses as a whole.
Automaticman
n00b
- Joined
- Apr 5, 2013
- Messages
- 40
Thatnks for the PDF. I think this paragraph sums up the security improvement pretty well:
Grahamkracka
[H]ard|Gawd
- Joined
- Feb 4, 2008
- Messages
- 1,052
Except this doesn't make sense either since the metric system is simpler to compute since everything is a factor of 10...
hahaha...I use both systems at work. Was slightely annoying at first, but then a few extra braincells must have came back from the dead. Fractions are much easier to visualize for me.
I am also one of the few who still carries cash. I hate the idea of credit cards. I use my debit card, but only for big purchases. I don't know why credit cards bother me so much. Same with primaries. People voting on who they want to vote for later. It is madness. Credit cards, people borrowing money so they can pay it back and borrow more money.
MindBuster
2[H]4U
- Joined
- Jan 6, 2002
- Messages
- 3,115
Bank cards already aready require a PIN. As for the chip, its just a supposedly harder to copy version of the magnetic stripe. If the skimmer hooks in downstream of the card reader, it may not do much good.Or, you know, just move to chip and PIN.
The chip is an anti-counterfeiter measure against reproducing the physical card. Back in the 90's that was the primary type of fraud and chips were probably hard to counterfeit. 25 years later, I'm not so sure.
The PIN is probably better than signatures on credit cards because no one check sigs. Although the signature is likely harder to steal. For an ATM they mount a camera in sight of the keypad when they install a skimmer.
TwistedAegis
[H]F Junkie
- Joined
- Oct 7, 2009
- Messages
- 8,958
The chip contains data that isn't readable by simply swiping the card via a mag-reader. Thus, skimmers aren't able to capture the full amount of data needed to make purchses with the card. PINs are required for ATM transactions; but debit cards can also be used without the PIN for signature transactions at the point of sale.
Signature are worthless; A. There isn't a systemic way for banks/issuers to monitor this, B. I can easily print out a brand new card with my name and your numbers on it, and sign my own signature for the nice store clerk. Even better is writing, "Check ID" on the back of the card. Again, I get a counterfeit ID with my name and signature on it that matches your card...thanks again nice clerk for checking, I appreciate your diligence!
Or, you know, just move to chip and PIN.
That isn't a unbeatable solution. It's all about the implementation of the system at the retailer which is where most of the hacks have taken place. There's already several documented cases where the terminal itself was hacked to accept any pin given and a couple where the cards pin was captured. EMV just reduces fraud, not eliminates it and in the end is a 20-year old standard.
cdr_74_premium
[H]ard|Gawd
- Joined
- Oct 20, 2010
- Messages
- 1,577
Brazil moved to Chip+PIN a long time ago.