Basics of Card Skimming

[scroobal]

A lot of you seem to be struggling with this.

Those who travel are likely to be impacted as it is a world wide issue and has been going for at least 2 decades. It has been happening in Singapore for years as well as Malaysia. Malaysia is known worldwide for counterfeit card fraud. It was so bad that Visa actually imposed prohibition on KL 5 star hotels from accepting their cards for a period in the late 90s.

Bank customers need not worry as the Banks are familiar with this and know how to handle this and arrange compensation.

Crooks prefer to target the foreign banks as they have higher limits and Banks like Citibanks, Amex etc are the favourite targets.

The crooks are certainly Malaysians but these guys are dumb and targeted DBS not realising that the strike rate is low as maids, NS men, and ordinary with low limits hold these cards. They are likely to get more money from 10 citibank cards than 100 DBS cards and maybe even 250 DBS cards

They compromised 2,700 cards at 2 ATMs in Bugis Junction vicinity and only managed to get money out of 400 cards.

True enough the Ah Bengs who never travelled before, never banked with foreign banks, heard of such things start panicking and form long queues.

Banks have sophisticated systems to detect anamolies in spending pattern and at high risk locations. DBS was probably sleeping at the wheel. Most foreign banks will send SMS alerts or even call the customer to verify a suspect transaction moment it is done. Either DBS does not have an adequate system or do not know how to use it.

 

[scroobal]

By the way, I saw claims here that it was internal compromise and staff have access to PINs.

PIN is not stored anywhere in a Bank system unless the Bank is so blur and does not issue Visa, Mastercards. The requirement is that PIN generation is done in a hardware box and not via normal software programme. When you key in the PIN, before it leaves the ATM, it must be encrypted and decrypted at the Bank end via the hardware box with no human interference. A bank's PIN regime is audited by MAS, VISA and Bank's external auditors from time to time. There are also yearly attestation process. Both MAS and HK Financial regulators are the most kiasu when it comes to money.

The world has come a long way.

 

[Leongsam]

Flame wars don't bother me. Rude, obnoxious posts calling me names don't bother me.

Spam bothers the hell out of me but nothing, I repeat NOTHING, irritates the hell out of me more than STUPIDITY and this is dished out in large doses both in this forum and in the general Singapore population.

Moronic accusations with the words "hacked", "inside job" etc expose the utter ignorance that many display.

And the idea that one has to have visited Malaysia in order to have your account compromised from ATMs in Malaysia shows that most don't even have a basic understanding of how banking systems work in this day and age.

Small wonder the 60% as still voting as they do in every single GE.

 

[Jah_rastafar_I]

A lot of you seem to struggling with this.



True enough the Ah Bengs who never travelled before, never banked with foreign banks, heard of such things start panicking and form long queues.

screwball there's no need to talk down to forummers in a high handed manner that aren't aware of this. This info is pretty general and i'm sure a few other forummers could have told everyone without that sickening arrogant demeanor of yours. Listen to me better pay more attention to your erectile disfunction rather than trying to take the piss out of ppl here. It will be a more enjoyable experience even for someone like you that derives orgasmic satisfaction from talking down to strangers here.

 

[Leongsam]

By the way, I saw claims here that it was internal compromise and staff have access to PINs.

Not surprising. Many members who have lost their passwords have asked me to email it to them.

The problem is that I don't know anyone's password. It's all encrypted. I tell them that but they don't believe me. They think that as forum admin, I can see everything.

 

[Leongsam]

screwball there's no need to talk down to forummers in a high handed manner that aren't aware of this. This info is pretty general and i'm sure a few other forummers could have told everyone without that sickening arrogant demeanor of yours.

I can understand why he does it. Stupidity irritates the hell out of him too.

 

[UMNO Terrorist]

There are actually very well developed devices that the syndicates tailored to fit the ATM machines. It consist of card reader which reads magnetic strips of ATM cards was you slot in, they are placed just at the outside of slot and looks un-suspiciously alike a an original part of the ATM machines. Then there is also micro camera aimed at the keypad to record your PINs. Of course there is micro SD card and batteries and their microcontroller. So the syndicates fix these customed devices on the ATMs and then remove them after they had collected enough info from victims (cards' magnetic strip data & PIN combinations) They can go ahead and clone cards which has PINs marked on them, and they will find SAFE locations to make series of withdrawals. The entire device is smartly made and very small. Can be half the size of iphone.

 

[Jah_rastafar_I]

I can understand why he does it. Stupidity irritates the hell out of him too.

sure but this POS takes that arrogance to the next next level. I would rather stupid forummers than this unpleasant old fogey with a non functioning dick to spam the forum with his inane ramblings.

 

[scroobal]

Yes you are right. Tonychat and Eashitndie have posted informative videos about these stuff in other related threads. The worst are Bulgarians who travel the world doing ATM skimming.

There are actually very well developed devices that the syndicates tailored to fit the ATM machines. It consist of card reader which reads magnetic strips of ATM cards was you slot in, they are placed just at the outside of slot and looks un-suspiciously alike a an original part of the ATM machines. Then there is also micro camera aimed at the keypad to record your PINs. Of course there is micro SD card and batteries and their microcontroller. So the syndicates fix these customed devices on the ATMs and then remove them after they had collected enough info from victims (cards' magnetic strip data & PIN combinations) They can go ahead and clone cards which has PINs marked on them, and they will find SAFE locations to make series of withdrawals. The entire device is smartly made and very small. Can be half the size of iphone.

 

[drifter]

There are actually very well developed devices that the syndicates tailored to fit the ATM machines. It consist of card reader which reads magnetic strips of ATM cards was you slot in, they are placed just at the outside of slot and looks un-suspiciously alike a an original part of the ATM machines. Then there is also micro camera aimed at the keypad to record your PINs. Of course there is micro SD card and batteries and their microcontroller. So the syndicates fix these customed devices on the ATMs and then remove them after they had collected enough info from victims (cards' magnetic strip data & PIN combinations) They can go ahead and clone cards which has PINs marked on them, and they will find SAFE locations to make series of withdrawals. The entire device is smartly made and very small. Can be half the size of iphone.

http://atmbrakers.blogspot.com/
theres a few website selling skimming card device too

 

[scroobal]

I was shocked to hear about the long queues at DBS ATMs. I also saw many entries in various blogs and forums about Ah Tee losing $200, Muthu $300, etc and they all seem to write long stories and it was sounding like aliens landing. Then I saw Ron's friend Amanda story.

Wait till these guys start learning about man in the middle attacks on their online banking account.

Flame wars don't bother me. Rude, obnoxious posts calling me names don't bother me.

Spam bothers the hell out of me but nothing, I repeat NOTHING, irritates the hell out of me more than STUPIDITY and this is dished out in large doses both in this forum and in the general Singapore population.

Moronic accusations with the words "hacked", "inside job" etc expose the utter ignorance that many display.

And the idea that one has to have visited Malaysia in order to have your account compromised from ATMs in Malaysia shows that most don't even have a basic understanding of how banking systems work in this day and age.

Small wonder the 60% as still voting as they do in every single GE.

 

[scroobal]

Excellent. Now people will realise that this is quite common.


Here is a site for those who are lazy and only want cards already with compromised data. These normally get closed quick, so check it out.
http://dumpsdaddy.com/

http://atmbrakers.blogspot.com/
theres a few website selling skimming card device too

 

[halsey02]

Excellent. Now people will realise that this is quite common.


Here is a site for those who are lazy and only want cards already with compromised data. These normally get closed quick, so check it out.
http://dumpsdaddy.com/

I still belive that this is an inside job. The ATM's & whatever machines are serviced regularly, to retrive the cash deposited in the CDM or top up the cash box in the ATM's. The service people would have checked & do disgnostic maintanence before rebooting the machines. Surely the would have some form of S.O.P. to check the machines for skimming devices.

Unless thise who are involved in servicing the two machines at Bugis Junction as you have mentioned those machine, in cahoots with a syndicate or with whoever are involved internally to steal the information. It would not be very difficult to trace where the compromised account holders where they had used their ATM cards or Credit/Debit Cards. With that audit, the bank I am sure can form a pattern & know the cause.

Internal acts is not a far off thought.

 

[scroobal]

Bro,

It might be ATM technicians or someone servicing the ATM but you don't need to access the inside of the ATM.

See the thread that Tonycat started.

I will explain a little. There are essentially 2 things that you need to compromise data from someone's atm or credit card.

1) Skimmer is the device that is attached to the ATM card insert throat. It actually sticks out but may look like part of the device. The customer inserts their card and it has a read head that reads the magnetic stripe where the data is concerned.

2) PIN capture device. This can be pinhole camera that is attached to the side of the atm and points at the PIN pad. Or it can be another pin pad that sit on top of the usual PIN pad and captures the finger pressure

So now you have the data as well as the PIN.

All the cases around the world are typically of this nature.



Here is the instruction how to install the data capture devices on the ATM front. This came from the link that Drifter provided.

SKIMMER
Skimmer is device which is placed on ATM and captures track's + Pin's. It has two parts, Pin pad cover with imitation buttons and card reader "atm skimmer" imitation fascia.
. How it works:
1. Skimmer's card reader sets up on ATM's card insert.
2. Skimmer's Pin pad cover sets up on ATM's Pin pad.
3. When cardholder inserts card into ATM card reader captures tracks from magstrip and imitation Pin pad store's pin numbers which cardhbolder inputs.
4. Both of atm skimmer + pin pad save captured data on inner storage in encrypted view.
5. Using special decryption program user downloads data from atm skimmer, decrypts data and gets each pair of captured skimmed track + pin.
Setting up skimmer on ATM takes about 60- 80 seconds depending on your skills. Work with skimmed encrypted data is very simple due to special program which decrypts data and prepare each pair of track + pin for use
​

 

[scroobal]

That is true.

. It would not be very difficult to trace where the compromised account holders where they had used their ATM cards or Credit/Debit Cards. With that audit, the bank I am sure can form a pattern & know the cause.

.

 

[Leongsam]

I still belive that this is an inside job. The ATM's & whatever machines are serviced regularly, to retrive the cash deposited in the CDM or top up the cash box in the ATM's. The service people would have checked & do disgnostic maintanence before rebooting the machines. Surely the would have some form of S.O.P. to check the machines for skimming devices.

The skimmers don't leave their devices on the machine. They install them quickly, get the data they need to clone cards, then come back and remove the hardware... all within hours.

Most of the time, the skimming equipment is held on by nothing more than double sided tape. It can be ripped off in less than 10 seconds and nobody would be any the wiser.

Unless ATM maintenance happened to coincide with the brief period when the skimming hardware was in place, nobody on the inside would even be remotely aware that ATM security had been breached for a few hours on a certain day.

I'm pretty sure security footage of the actual deed exists and it should be a matter of time before DBS releases it or it's leaked just as the MRT suicides were.

 

[eatshitndie]

I still belive that this is an inside job. The ATM's & whatever machines are serviced regularly, to retrive the cash deposited in the CDM or top up the cash box in the ATM's. The service people would have checked & do disgnostic maintanence before rebooting the machines. Surely the would have some form of S.O.P. to check the machines for skimming devices.

Unless thise who are involved in servicing the two machines at Bugis Junction as you have mentioned those machine, in cahoots with a syndicate or with whoever are involved internally to steal the information. It would not be very difficult to trace where the compromised account holders where they had used their ATM cards or Credit/Debit Cards. With that audit, the bank I am sure can form a pattern & know the cause.

Internal acts is not a far off thought.

skimmers can do the whole shhbang in minutes or at most hours. they seldom hang around nearby for days. all they need are unsuspecting atm customers. in the u.s here due to longer maintenance intervals, skimmers can start their operation on friday evenings and pack up on sunday nights, just between maintenance windows. all skimming devices are portable and easy to install and retrieve. a wireless laptop is required nearby within wifi range to log data and capture cam shots on file. in sg, it could be someone sitting in a coffee shop. in u.s. with much parking spaces, skimmers operate from their vehicles.

 

[singveld]

the skimmers must be celebrating in nightclubs in malaysia now they have half a millon dollars to burn.

 

[Leongsam]

the skimmers must be celebrating in nightclubs in malaysia now they have half a millon dollars to burn.

With skimming hardware available on the net for a song, I'm surprised it doesn't happen more frequently. Anyone with enough brains to sign up for an account in this forum should be able to handle the simple task of skimming.

 

[drifter]

The skimmers don't leave their devices on the machine. They install them quickly, get the data they need to clone cards, then come back and remove the hardware... all within hours.

Most of the time, the skimming equipment is held on by nothing more than double sided tape. It can be ripped off in less than 10 seconds and nobody would be any the wiser.

Unless ATM maintenance happened to coincide with the brief period when the skimming hardware was in place, nobody on the inside would even be remotely aware that ATM security had been breached for a few hours on a certain day.

I'm pretty sure security footage of the actual deed exists and it should be a matter of time before DBS releases it or it's leaked just as the MRT suicides were.

theres also a pocket card skimming using bluetooth ( dont even need to install in atm ) very popular in eroupe ...within seconds they can get your pin

[video=youtube;U0w_ktMotlo]http://www.youtube.com/watch?v=U0w_ktMotlo[/video]

[video=youtube;Bs9wE4GXeEg]http://www.youtube.com/watch?v=Bs9wE4GXeEg&feature=related[/video]