Device can stop skimming – other threats loom

30 March 2006

Media release
For immediate Release

Simple device can stop skimming – but “Lebanese loop” threat also looming for ATM machine users

One of the country’s largest ATM machine suppliers says a simple “mouthpiece” added to its machines will stop “skimming” fraud.

Task Transactions is also warning that it is only a matter of time before another ATM fraud practice, called the “Lebanese loop”, also arrives in New Zealand.

Task Transaction’s chief operating officer, Greg Jones, whose company has recently won 43% of the ATM software market here and is now also installing over 300 of the latest high technology ATMs for two of the major banks, says skimming can be stopped by simply installing a mouthpiece on its Wincor Nixdorf ATMs. It prevents a skimming device being inserted into the machine and can also retain cards if a skimmer is present.

In older machines running the Wincor Nixdorf/ Task Transactions multi vendor software, can also ensure

- ATM screens show users an image of what the slot should look like

- Warning messages or shutdowns are triggered if card retention rates rise in a machine

- Sensors can be mounted behind the customer panel, picking up unusually long changes in the magnetic field in their immediate vicinity. Minimal changes to the field, caused by an intrusion mechanism, put the ATM out of service immediately or issue an alarm. This successfully prevents cards being copied.

- Alarms can also be triggered if stolen card data is used within a short time say in Hong Kong, then Hamburg 30 minutes later.

Mr Jones says the aim of the “Lebanese loop” attack, widespread abroad, is to obtain an original card and, possibly the PIN. Small mechanical devices are used so cards are not immediately read and are kept by the ATM.

As soon as the customer notices a card has been retained, the offender (who is usually hovering nearby) offers to help the customer and suggests that, if he enters his pin, the transaction can be continued.

Once the customer has left the scene in the belief that the ATM has retained the card, the criminal removes it with a tool. Then, with the original card and PIN, the criminal has no problem withdrawing cash from the customer’s account.

Mr Jones says the motor-driven card reader from Wincor Nixdorf offers various ways of effectively blocking and preventing attacks with the Lebanese loop. One indicator for this type of manipulation is a shutter that does not close when the card is inserted. If this shutter error occurs, the transaction is immediately aborted. Other checks can be made to ensure the card pathway is free. If it is blocked the machine goes out of service before the PIN can be keyed in.

Mr Jones says the latest generation machines which his firm is now installing can be skimmer proofed and programmed to set off alarms. The latest encryption software also ensures PIN number transmissions by the machines cannot be intercepted. Task Transactions is already meeting these new EMV (European Mastercard and Visa) 3 DES (data encryption security) standards which are being sought by the world’s major credit card companies.

ENDS

© Scoop Media