As EMV cards become more prevalent in the wallets of American shoppers, thieves are thinking of new ways to steal credit card information. The latest of these was recently found in Mexico, and is likely to cross into the U.S.
According to Krebs on Security, a "shimmer" was found in an ATM in Mexico. Krebs explained that shimmers are a type of skimmer that is designed to pull credit information from the chip embedded into newer credit cards rather than capturing it from the magnetic strip. The reason for the name is because the device is so thin it can be shimmied into the slot of a card reader, making it virtually undetectable from the outside.
Such was the case with the device found in Mexico. While performing a routine check, ATM security firm 3VR found the shimmer inside of the card reader and said that it was installed without any access to the ATM's internals.
What's dangerous about the device is that it can be used in any dip reader, those where the card is inserted briefly and then quickly removed. Even if the terminal does not accept EMV cards, the shimmer can still be inserted and pull information off of the chip.
EMV cards are considered to be more secure because the information stored on the chips is encrypted, so even though the shimmer was able to read information off of the cards, it would appear to be gibberish if read by the criminals.
When speaking with a representative from a major ATM manufacturer, Krebs discovered how the thieves may have planned to use the information. A CVV is a verification security measure found on all cards. EMV cards have a more secure version, called iCVV, which prevents information read from an EMV chip from being accepted if cloned onto a magnetic strip. It is possible, Krebs reports, that whoever planted the shimmer discovered which banks were checking iCVVs improperly or not at all, thus nullifying the added security measure.
If your company is in need of new credit card processing software, be sure to contact 911 Software today.