Feeds

back to article Card-cloning crooks use 3D printers to make ever-better skimmers

Cybercrooks in Australia are using 3D printers and computer-aided design software to manufacture ATM skimming devices. New South Wales Police recently arrested and charged a Romanian national with fraud involving the use of an ATM skimmer made on a 3D printer to fleece Sydney residents, Australia-based iTnews reports. Police in …

COMMENTS

This topic is closed for new posts.
Silver badge

Need an innovative solution

What if we could develop some sort of cheap microchip that could actually be embedded into the card and contain some sort of crypto program so that the identity of the card wasn't merley printed on a bit of cassette tape glued on the back for anyone to read?

Perhaps the banks could also invest in some sort of high street presence with a real building with real physical security and staff who could periodically inspect the machines ?

In keeping with the green eco-image of banks I suggest a tree motiff and we call these physical peripheral access facilities "branches"

28
0
Silver badge

Re: Need an innovative solution

Unusual karma, 3D printers have a habit making a really ugly mess of spaghetti. At least at the moment it will still frustrate the arse off of the crooks.

0
0
Anonymous Coward

Every news report I read states that card skimming is the domain of Romanian criminals. Or are they the only ones being caught?

It will be interesting to see if the levels of this fraud grow when boarder restrictions are lifted later this year.

0
0

Re: Need an innovative solution

Most cards nowadays have chips, but the account information must still duplicated onto the magnetic strip as many US banks still haven't upgraded (I guess that banking fraud doesn't count in the so-called global fight against terror or whatever). Add to that ATMs in some minor countries (Gulf states IIRC) are also quite permissive in international transaction validation.

If one only uses ATMs with chip readers one might perhaps degauss the strip?

Where I live there is a lot of security presence, mostly to prevent the homeless spending the night indoors during winter. (I know, it was the most often received answer when I asked the guards about the reasons for their presence)

Chips have an additional hazard in that the sort that is pushed nowadays allows contactless transactions, introducing a different type of hazard.

I would also be worried about POS terminals, which have a large potential for fraud even without the complicity of the shopkeeper. With the variety of designs out there there must be at least a few that have enough room to insert a chip+stripe+keypad recorder.

0
0

Re: Need an innovative solution

Yes - has anyone tried this? Will terminals reject your card if the mag strip isn't present? I think I'll have to apply for a card to experiment with.

0
0
Silver badge

Within the next few years...

3D printers need a license to use! Which means the rest of us need to pay extra money and be subject to all kinds of data-rape in order to print a few cogs, whereas the sort of people who would print card skimmers.. will carry on doing so anyway. Possibly with stolen printers. Or maybe with your printer courtesy of a (metal) gun to the head.

A few more headlines like that, and I can see it happening.

6
0
Silver badge

Anyone who knows anything about the 3D printing process

Knows that the Create it Real blocker is trivial to sidestep, and likely to be ineffective anyway. The kindest thing you could say about it is that it's a publicity stunt.

Give people tools and some of them will use them for illegal purposes (cars to get away from the police for example). Find better ways of catching them and move on. Don't try to ban the technology, it's out of the box and people who do want to use it for illegal purposes aren't going to be worried about it being banned.

11
0
Anonymous Coward

I for one will be writing to David Cameron asking him to personally deal with the criminal menace and their use of technology. If anyone can make a difference then surely it's him.

5
0
Silver badge
Devil

@ AC 1612h GMT -

Don't forget to CC Claire Perry. 3D printers are surely a menace and should be blocked by default, because they are being used by child molesters and other sick people like porn watchers. Better outlaw all printers, I've heard these perverts actually print images with these things. Eeeww, makes you shudder how bad the world has become during the Labour government.

Time to tidy up hard!

6
0
Silver badge

He is a tory - just tell him that 3d CAD systems are used in industry to actually manufacture products and they will be banned.

5
0
Silver badge
Happy

'I for one will be writing to David Cameron asking him to personally deal with the criminal menace and their use of technology. If anyone can make a difference then surely it's him.'

Needed the heimlich manoeuvre done on me I was laughing so much with a gob full of Scots Oats.

0
0
Bronze badge

Hmm

Interesting Video, lets hope scammers dont use No More Nails!

0
0
Facepalm

So, about this wonder technology that stops the manufacturing of guns and possibly card skimmers. What is to stop someone simply printing the same in more and more parts until the software can't recognise it? Pointless.

0
0
Silver badge
Boffin

For a gun, some parts such as the barrel you want to print in a single piece, to give them as much structural integrity as possible. Else you'll be futzing around with epoxy resin and acetone, to get the pieces to become one and you'll be cursing why you didn't build it from glass- or carbon-fiber reinforced epoxy in the first place.

0
0

Errrm. I would have thought that the whole world has managed to implement cards with chips in them by now, which would seem to defeat this. Please tell me there aren't places in the world so backwards that they still use magstripe only cards?

1
0
Bronze badge
FAIL

Only the US, I believe.

0
3
Anonymous Coward

Since the article and video were about what is happening in Australia, my guess would be that Australia still uses mag-stripe.

The UK still uses magstripe. If the chip and pin device can not read your card then they will use the magnetic stripe. Some places still have the old machines for taking an impression of the card for you to sign.

2
0
Silver badge

Everywhere still uses magstripe aswell - that's the 'genius' of the banks security.

You get everyone to type their top-secret pin into the terminal at Honest Ahmed's Kebab House and Management consultancy, then have ATM's that still read the magstripe instead of the chip and use the same pin.

It's like broadcasting the identical weather report every day in your top secret enigma code to U-boats and in Captain America decoder ring code.

5
0
Gold badge
Meh

@Benjamin 4

"Please tell me there aren't places in the world so backwards that they still use magstripe only cards?"

Indeed there are.

Romania and Bulgaria for example.

Surprising coincidence that's where the crooks seems to come from.

0
0
Bronze badge

There are places in the world...

"Please tell me there aren't places in the world so backwards that they still use magstripe only cards?"

In lots of places in Europe you cannot pay with cards with chips, or at least you could not a couple of years ago. It is probably bugs or lack of backward compatibility, but in practice it got so frustrating to me in my travels (no, not in Ahmed's Kebab Joint - in major hotel chains, well known stores, and restaurants in various countries, etc.) that I requested to revert both of my credit cards to magstripe only. I did that after a receptionist at a German hotel and a manager of a very famous department store in Paris (a kind of store to which top of the line technology and personnel are rushed in a blink) confirmed on separate occasions that problems with chip'n'PIN cards were very common. Amazingly, my problems disappeared as soon as I got rid of the chips.

One other thing I found out (may depend on country/bank/whatever, of course) is a subtle difference when you contest a transaction: with magstripe your signature is needed to prove that the transaction occurred, with chip'n'PIN, which is deemed more secure, as long as the PIN is recognized as correct (may be stolen just like the Ferret explains, or may not be correct but recognized as such as has been reported more than once) the transaction is deemed legal with or without your signature. Seems an important difference to me.

1
0
PJI
Bronze badge
Holmes

Re: There are places in the world...

I can assure you, from experience as customer, victim and bank clerk, no one is able to check your signature that reliably. For one thing, there is a handy sample copy of your signature on the card.

I believe one of the bigger risks is somebody simply shopping on line or over the telephone, especially the latter: no pin and no signature.

The odd thing, to me, is that after all this time, the holes in the wall are still so badly designed and vulnerable and that magnetic strips are on all cards, not only by customer request, with appropriate waiver. If semi-third world countries such as USA can not keep up, but find their cards stop working in the developed world and that foreign tourists and businessmen in those countries can not spend money so easily, I suspect chip and pin will take off like a rocket in those countries.

Note that banks are adopting two strategies at least:

1. monitoring usage patterns so that they can see, automatically, any sudden, "out of character" bills.

2. geographical limiting: making the card valid within restricted, geographical areas and requiring the customer to request widening this area.

So some crook trying to use your card in the USA would find it harder on two grounds.

0
0
Bronze badge
FAIL

Re: @Benjamin 4

Wrong. For the record, Romanian banks actually DID pretty much transition to chip cards. Unless you're talking about some obscure branch of "Grand Bank of Nigeria" or similar, all newly issued / expired cards I've seen were chipped. As for how long it will take until the last magstripe-based ATM disappears - I believe there will be a lot of them remaining everywhere around the world for quite a while yet.

0
0
Silver badge

The real problem

Forget guns, and skimmers. Clearly the real problem is people might print their own Disney figures.

12
0
Bronze badge
Childcatcher

Re: The real problem

If fraudsters start printing Disney characters, you can be sure that the entire weight of the American Industrial Military complex will bear down on these miscreanrts. To protect the children from fake Mickeys, of course.

17
0
Silver badge

Re: The real problem

But they are just taking the mickey...

3
0
Silver badge
Facepalm

Re: The real problem

There's far more at stake in that issue than in bank fraud.

0
0
Silver badge

ATM makers will just need to make the front of the machine more complex. There's too much blank grey space at the moment, plenty of place to embed holograms at surface level or something else difficult to copy or print.

Or we just ban 3D printers - banning things seems to be the favoured option of most MPs these days.

1
0
Silver badge
Devil

@ Velv -

>. . .

banning things seems to be the favoured option of most MPs these days.

<

Mostly CP*.

Not child porn, Claire Perry, MP Devizes.

1
0
Bronze badge
Joke

Security through Complexity

ATM makers will just need to make the front of the machine more complex.

Adding another few factors to the authentication process ought to sort things out. To the thing we already have (card) and the thing we know (key code), lets add a DNA swipe, retinal scan, finger toe print, facial recognition, state-issued ID, plus a short written test. One of those might do the trick.

0
0
Silver badge

There was an article recently about a slot design that would make magstripe skimming a lot harder. The card would be inserted broadside, so that the stripe doesn't pass lengthwise over a single point in the slot, then rotated once fully inside the machine.

Of course, rotating would only be necessary if the ATM needed to read the magstripe in the first place, otherwise it's just additional mechanics that can fold, spindle and mutilate your card. Having a read head that moves on a spindle is a long-solved problem problem anyway, so that's a more suitable solution for reading the stripe.

As for protecting the keypad against overlays, maybe have a close-fitting cover over it that slides off after you've inserted your card?

0
0
Silver badge

Ban 3D printers?

And vacuum and injection moulding machines as well?

It's well within the realm of your average senior school metal/woodworking/craft shop to fabricate some very convincing and well made devices without using a 3D printer. It's just a bit slower, needs some reasonable skill, and you can't distribute the model data over the Internet as data. But you can still send the dimensions and blueprints.

0
0

Perhaps the banks could introduce some actual security.

Trying to stop skimming is almost impossible, so lets solve the real problem - that anyone can help themselves to our money just by knowing a couple of secret numbers. Facial, iris, fingerprint, and voice recognition could all be used, or cards themselves could have copy protection. It's just crazy that someone who isn't me, looks nothing like me, and who doesn't have my bank card can pretend to be me so easily.

1
0
Bronze badge

Re: Perhaps the banks could introduce some actual security.

But think of the privacy invasion!

0
2

Captions

Actually watch the whole vid with captions turned on, quite a lot of it doesn't make sense, and then there are just amusing mistakes.

1
0

Turn Captions on

Re-watch the video and turn captions on, then skip to 1:33 it's has to be the best snafu going.

"look over your shoulder to see your penis you entered"

Instant classic :)

5
0
Gold badge
Happy

Re: Turn Captions on

""look over your shoulder to see your penis you entered"

Instant classic :)"

That what commercial grade voice to text recognition looks like.

Impressive is it not?

2
0
Silver badge

I was kindof wondering why the ATM machine had a snot-green card slot.

0
0
Silver badge

Manufacturers might conceivably decide to do something similar to prevent 3D printers from being used to manufacture ATM skimmer parts.

Shortsighted of an ElReg reporter to say this, after all, once you get through all the things you can't do, what's left that you can do?

0
0
Silver badge

The Halting Problem must already have been solved. Why didn't I hear of it?

0
0
Gold badge
Happy

"Eduaction and awareness are our best weapons"

Now if you could just make David Cameron and Clare Perry believe that you might be on to something.

Incidentally if you're wondering how card scammers can afford a commercial grade 3d printer that's simples.

They bought it on (someone else's) credit card of course.

0
0
Zot
Bronze badge
Big Brother

I worked with someone who discovered a skimming device.

A couple of wires had come loose from the top. As he tugged at the wires in confusion as to what they were, two guys got out of a car behind him, and beat him to a pulp! I think he'll call the police before interfering with a crook's hardware in future.

0
0
Silver badge
Trollface

Re: I worked with someone who discovered a skimming device.

Ok, so he would get out his phone, THEN two guys get out of a car and beat him up. Great.

He should have knifed the mofos. Deeply. Eleganty. While laughing hysterically.

It would look good on surveillance camera.

Ah, hold on. This is the UK, knives are considered weapons of mass destruction. Oh well.

1
1
Anonymous Coward

Re: I worked with someone who discovered a skimming device.

I found one of those devices at a bank in Canada. The skimmer itself was quite professional looking - molded plastic to fit exactly over the card reader. Very difficult to tell it was there. However, the camera monitoring the keypad was awful and very noticeable if you bothered to look.

I removed the devices, finished my banking and prepared to go to the local police station. By the time I finished, there were two "gentlemen" in line behind me who grabbed the things from me and ran away. I didn't get beat up, possibly just lucky that other customers were around. I always thought these things were monitored remotely, but clearly not as remotely as I would have liked.

I reported the incident anyway, and a policeman actually called me back a few days later, saying they got photos of the individuals involved from the bank cameras and told me they were affiliated with a Romanian criminal organization. I have no idea if that was actually true or how exactly they knew that, but was impressed that they even bothered to call and update me on the investigation.

0
0

RF card needed

A new type of RF chip is needed for bank cards. It also needs to be in the high frequency range. Up in the 500Ghz range and with highly limited range (part of that comes naturally at this high frequency).

0
0
Coat

Re: RF card needed

That's half the required frequency. It should be in the Terahertz range.

Because it hurts Terror[ists].

It's the one with the tinfoil-lined pockets, thanks!

1
0

tens of thousands of people?

> affecting tens of thousands of people and stealing around AU$100,000 (US$92,000).

So around $5 each, basically?

0
0
This topic is closed for new posts.