
Skimmers Found at Walmart: A Closer Look - Deinos
http://krebsonsecurity.com/2016/05/skimmers-found-at-walmart-a-closer-look/
======
stevecalifornia
True story: I was an American in the wastelands of Uzbekistan and needed to
find a bank to get currency. Locals pointed us in the direction of a tiny
cluster of buildings on the horizon. We got there and one of the buildings was
indeed a tiny bank of some kind. We gave the person running the place our
debit card and he looked at it with surprise. He flipped it over and over then
gave it back. They didn't accept magnetic stripe cards-- only chip and pin.
What backwater place did I come from that still issued magnetic stripe only
cards?

~~~
chiph
When you talk to your US bank, make sure you get a chip card that is
international-enabled (aka has chip+pin on it). Nearly all the US cards are
chip+signature, which means they won't work at places like European train
station ticket kiosks (no way to enter a signature). Found that out myself...

~~~
zzalpha
Heck, even in places that support both, chip-and-sign cards are an enormous
pain. I'm a Canadian with an American corporate Amex and inevitably the dance
is:

1\. The guy dips the chip. Machine errors out.

2\. Guy tries it again and fails.

3\. Finally listens to me and dips the chip, then swipes. But it has to be
_right after_ the chip fails so the machine will accept the swipe.

Why? Well if they swipe first, the machine says to use the chip, then they use
the chip and it errors out on that, and then they swipe again and it works.

Technology!

------
proactivesvcs
A few months ago I went to use my high street bank's ATM and it had an unusual
card aperture. The rest of the machine looked normal. I walked into the
branch, explained my concern and the cashier looked at me for several long
moments, as if I had made some amazing comment, then said their engineers had
fitted it and it was fine to use. I got the impression that I was the first to
ask about it, and that such questions are unusual.

~~~
mmmrtl
And presumably "their" engineers were instead social engineers?

~~~
gricardo99
No kidding. Next time walk in with a clipboard, some sort of name tag, and
announce to the cashier that you need to perform maintenance on their ATM
machine for the next half hour.

------
dopamean
I've got a question about the chip cards. I have one and I use it when
possible. I often hear that the reason to use them is that they are harder and
more expensive to copy than cards with just a magnetic strip. This seems like
a pretty weak deterrent. If everyone starts using chips wouldn't the price of
creating cloned cards with chips go down? Wouldn't it eventually become
worthwhile to criminals? Or do the chips provide another layer of security
that I'm unaware of?

~~~
jkaptur
My understanding is that the strip essentially encodes the credit card number,
and that when you swipe it, you pass the number. Therefore, "stealing" the
card is as easy as MITM-ing that (with a skimmer).

The chip, on the other hand, answers a query that proves that it knows a
secret. If the attacker listens to the exchange between the card and the
reader, it doesn't learn the secret itself, and the next transaction will ask
a different query.

------
tcdent
I don't consider myself an authority on this, but that's one of the most
convincing skimmers I've ever seen. Significant effort went into designing and
manufacturing that.

~~~
CamperBob2
Yep. Traditionally, it takes a minimum of six figures to create an injection
mold like that, even at China prices. Not your average basement hack job.

------
RockyMcNuts
a skimmer video from Vienna that's gone viral
[https://www.youtube.com/watch?v=ll4f0Wim4pM](https://www.youtube.com/watch?v=ll4f0Wim4pM)

~~~
fapjacks
Hah, interesting. I always tug on the parts of ATM machines, too, specifically
because of skimmers.

------
palakchokshi
Can the rise of skimmers be attributed to the fact that a chip card is more
difficult to "hack" into and since more and more customers and vendors are
requiring dipping chip cards the thieves want to get as many cards as possible
before all vendors require chip and dip?

------
xbmcuser
Here in Singapore I could get a replacement debit/atm card in an hour by
visiting any open branch. Or credit card in 3-4 working days. Maybe it is
because Singapore is such a small country. I have to say though hearing the
stories about consumer facing tech from the US credit cards, 911, cable boxes
internet speeds vs the business tech you see where the US dominates. I feel
the people are less important in the US then the corporations.

------
akkartik
Another recent skimmer:
[https://www.youtube.com/watch?v=ll4f0Wim4pM](https://www.youtube.com/watch?v=ll4f0Wim4pM)

