Card Skimming: The ATM fraud that just won’t go away?

By : Owen Wild

August 25, 2015 12:35 PM

Despite extensive efforts so far, card skimming remains a big problem for banks and financial institutions.


Card skimming is the most frequent form of attack on ATMs, resulting in significant losses for card issuers and financial institutions. Recently, we’ve seen an increasing frequency of card skimming attacks in both the US and in Mexico, but this is a global problem.


The European ATM Security Team’s (EAST) second update of the year, based on ATM crime statistics from 19 countries in the Single Euro Payments Area (SEPA) as well as two non-SEPA countries, shows the scale of the problem.


It found that card skimming at ATMs was reported by 17 countries, but the real problem is found once you go outside of countries with EMV cards.


EAST said the losses due to skimming occurring outside of EMV liability shift areas continue to mount.


Recent data issued by FICO, a credit scoring and analytics firm, noted that during the first half of 2015 the number of attacks reached their highest point in the US in 20 years. Attacks on ATMs located on bank properties have increased 174%, and attacks on nonbank machines are up over 300%.

“Such losses were reported in 49 countries and territories outside of the SEPA and in ten within SEPA. For the first time, Indonesia is the top location for such losses followed by the US and the Philippines,” EAST said.


EAST reports that ATM fraud rose 13 percent in 2014, with the main problem being card skimming. International skimming incidents rose 18 percent, it said, with the majority of these occurring in the United States and Asia-Pacific.


The EMV liability shift should help reduce losses in the US. Fraudsters won’t find it so easy to clone cards in other countries and then use them in the US.


However, skimming is an ongoing problem - the crime continues in EMV countries because mag stripes remain on cards, carrying crucial data. All the EMV liability shift will do is shift the target to the card-not-present sphere, as skimmed card details can be used online. Therefore, we must continue to boost efforts to reduce the opportunities for criminals to obtain card data.


In the recent US cases, we’ve found the device is part of a false overlay bezel attached on the top of the legitimate card reader bezel. Legacy, third-party anti-skimming devices were defeated, but more modern anti-skimming devices could solve the problem by detecting when a device is present.


Another development that could help stamp out card skimming is the contactless ATM. Contactless card and smartphone technology means consumers won’t have to insert their card into a physical slot, making it all but impossible for criminals to read the details. Card skimming continues to be a major problem, but the tide could be turning.

Owen Wild

Security Marketing Director

Other articles by this author

Owen Wild is responsible for marketing strategies for the NCR Security Solutions within NCR’s Financial Solution Portfolio. Over the past 15 years, Owen has held several sales and marketing positions with leading travel and tech cos.