Using a credit or debit card is a trendy way to pay bills while reducing the risk of keeping your money in your pocket. But it is not as safe as you might assume when there are hackers who can take valuable information by just one swipe of the card. These hackers are known as card skimmers. Spread in different places around the world, card skimmers are the primary reason for increase in ATM breaches.
Taking skimmers to the next level, hackers have created virtual skimmers – malware installed into ATM machines and credit card readers remotely. Through this method, the hacker does not even need to come into physical contact with the ATM to steal credit card details. All he has to do is install the malware and no one can tell whether the machine is compromised. This is extremely efficient from the hacker’s perspective because hackers are able to access your finances, without card holder’s knowledge.
Hackers tend to install virtual skimmers in banks by breaking into the bank’s network. Instead of compromising physical ATMs one at a time, hackers can steal from multiple ATMs at once. As a solution for this, banks have introduced card with chips, which are more secure than magnetic stripes but this does not address ATM fraud occurring at gas stations.
The skimmers can be installed on card readers in less than 30 seconds, and will record all card data for collection. The skimmer stores the data, and the hackers return to easily obtain the stolen card numbers over Bluetooth.
As a solution for this, a programmer at SparkFun Electronics created an app to save you from having to brutalize your local cash machine. Most of these skimmers use Bluetooth for harvesting the stolen data, so that the phone should be able to detect them easily. Nathan Seidle, SparkFun’s founder, created the Skimmer Scanner app to automatically detect the skimmer’s Bluetooth signal, which is most noticeable at gas stations.
Skimmers are a bargain, so it has a constant Bluetooth name and a hard-coded password. The Skimmer Scanner looks for connections with that name and then attempts to connect with the default password – the same way the thief who planted it would. The app then sends the letter “P” as a command to the Bluetooth device, and if it’s a skimmer, it’ll send back “M.” This system has been able to detect skimmers at distances between 5 and 15 feet.
Reference : https://www.cnet.com/news/credit-card-skimmers-thieves-are-getting-smarter-you-can-too/