Sph Website
Last updated at 4.04 pm
Reader
E-paper
 
Singapore weather
24°C
 -
32°C
 
 

Stealing ATM card data is all too easy, say experts

Experts say magnetic strips are vulnerable to skimming; attacks can happen at shops too

 
Published on Jan 8, 2012
 
 
Purchase this article for republication
 
Buy SPH photos
 
 
Plastic covers over ATM card slots are one way to prevent skimming. -- ST PHOTO: JOYCE FANG
By Grace Chng, Senior Correspondent

The magnetic strips used in ATM cards here utilise a type of technology that is at least 30 years old, said computer security experts.

The best prevention against ATM fraud is to switch to a smart card technology that would entail embedding a computer chip into the card, they added, but practical difficulties mean this solution will not be adopted any time soon.

The issue of ATM card security came into focus last week after fraudsters stole about $500,000 from about 400 customers in two days as part of what was believed to be an ATM-skimming scam.

Background story

Cheap fraud

Once personal information embedded in the magnetic strip of the ATM card and the cardholders' PINs are stolen, the cards can be cloned using a $300 machine easily available in places such as Sim Lim Square.

Background story

CARD-CLONING IN THREE STEPS

Making a cloned card is a three-step process, says security company Fortinet's regional technical manager Eric Chan.

The first is to steal the personal information stored in the ATM card's magnetic strip. A thief can install a device to read the information over the slot entrance of an ATM machine. Called a card reader, it looks similar to the slot entrance, thus fooling a cardholder.

The next step is to transmit the data either wirelessly or via Bluetooth to a computing device.

Alternatively, the data can be stored on the card reader, which is later removed by the criminal.

The final step is to steal the PIN. To do this, a pinhole spy camera is lodged in the card reader or installed on a nearby surface to surreptitiously capture the numbers as they are keyed into the ATM machine.

If the cameras are wireless, they can be inconspicuous because there would be no trace of cables.

The ATM card is then cloned by embedding the stolen data onto the magnetic strip of a new card. Machines that do this are cheap and easily available.

To prevent card cloning, banks have installed anti-skimming devices - plastic covers installed over ATM card slots that prevent card readers from being placed there.

Other anti-skimming devices are more sophisticated. One can detect the presence of PIN recording cameras or fake covers over the card slots.

Once a threat is detected, the device will switch the ATM into offline mode and send a message to the ATM operator or trigger an alarm.

The alarm will alert the ATM operator or security staff.

'Anyone can buy an electronic card reader to 'read' the information on the magnetic strip,' said Dr Derek Kiong, a computer security lecturer. The chip on a smart card, on the other hand, encrypts the personal information and makes it tougher for any thief to steal it, he added.

 
 
blog comments powered by Disqus
 
Previous
Next
 
Singapore
 
Most Popular
  1. NUS orders Christian group to stop all activities on campus
  2. Temasek Review Emeritus apologises to PM Lee
  3. Police seek info on missing boy, 13, last seen along Ang Mo Kio Ave 3
  4. CBD taxi rules to be shortened by 2.5 hours from March 1
  5. SMRT told to check track after clip falls off in Jurong
  6. 1st youth in Downtown East killing admits to rioting
  7. Driving ban against cyclist annulled
  8. Yaw not appealing against expulsion; Hougang seat now vacant
  9. Ex-manager fined $250,000 for market rigging
  10. Man fined for punching parking warden