Shielding your PIN isn’t enough

By: Scott Millar

September 19, 2014 11:55 AM

An infrared camera case for iPhones could present criminals with a new way to decipher people’s PIN details, but there are still plenty of ways to remain safe.


For consumers who actively shield their PIN when using ATMs and point-of-sale keypads, the new iPhone camera case, FLIR One, poses a definite challenge: shielding the keypad does not help, no matter how careful they are.


The device is an infrared camera attachment for the iPhone (5 and 5s) that snaps onto the back of the phone. It’s hardly noticeable but what it does is pretty impressive, allowing the user to capture infrared pictures and video.



Essentially, infrared cameras detect heat signatures and display them as different colours. The problem is that when a customer types their PIN into a keypad, the heat from their fingers leaves a type of thermal footprint that will show up on an infrared image. Because the heat dissipates over time, the image will even reveal the sequence in which the numbers were typed. The colour spectrum identifies the number touched last with the warmest heat signature, and the number touched first with a less prominent heat signature.


As long as the criminal is next in line at the ATM or point-of-sale keypad, they can discreetly capture footage of your finger's thermal footprint on a dedicated PIN pad. In fact, research shows that this method is 80 percent effective and, depending on the keypad material, results can be obtained up to one minute after the user has finished typing.


What makes this threat so challenging is that the cost of this technology has fallen dramatically, and it is now readily available for a consumer to integrate with their iPhone camera, so anyone can use it. While a decade or so ago an infrared camera might have cost $10,000 and been a bulky kit, the FLIR One is only about $200 and snaps on to the back of the iPhone so no one would even notice it was there.


Thankfully, there are ways for consumers to protect themselves and avoid this becoming a problem. The first, as suggested in this video, is to simply rest fingers across several numbers on the keypad to create a meaningless heat signature. It’s also possible to use a pen or other item to tap the numbers so warm fingers do not come into contact with the keypad.


Moreover, technology is improving and many ATMs are safe already. Touch screen keypads don’t leave the kind of obvious heat signature that a dedicated keypad does. Also, metal keypads are a lot safer as they dissipate heat faster and reflect infrared. However, this technology just goes to show how threats are evolving – and how banks have to stay on top to ensure they don’t fall victim.

Scott Millar

Global Solutions Marketing Manager


Based out of NCR’s R&D Centre in Dundee, UK, Scott Millar is responsible for establishing the marketing strategies and enhancing the strength and market share of the NCR Financial Hardware Portfolio. Here, Scott shares his insights.