back to article Card-cloning crooks use 3D printers to make ever-better skimmers

Cybercrooks in Australia are using 3D printers and computer-aided design software to manufacture ATM skimming devices. New South Wales Police recently arrested and charged a Romanian national with fraud involving the use of an ATM skimmer made on a 3D printer to fleece Sydney residents, Australia-based iTnews reports. Police …

COMMENTS

This topic is closed for new posts.
  1. Yet Another Anonymous coward Silver badge

    Need an innovative solution

    What if we could develop some sort of cheap microchip that could actually be embedded into the card and contain some sort of crypto program so that the identity of the card wasn't merley printed on a bit of cassette tape glued on the back for anyone to read?

    Perhaps the banks could also invest in some sort of high street presence with a real building with real physical security and staff who could periodically inspect the machines ?

    In keeping with the green eco-image of banks I suggest a tree motiff and we call these physical peripheral access facilities "branches"

    1. Cliff

      Re: Need an innovative solution

      Unusual karma, 3D printers have a habit making a really ugly mess of spaghetti. At least at the moment it will still frustrate the arse off of the crooks.

    2. Anonymous Coward
      Anonymous Coward

      Every news report I read states that card skimming is the domain of Romanian criminals. Or are they the only ones being caught?

      It will be interesting to see if the levels of this fraud grow when boarder restrictions are lifted later this year.

    3. Xelandre

      Re: Need an innovative solution

      Most cards nowadays have chips, but the account information must still duplicated onto the magnetic strip as many US banks still haven't upgraded (I guess that banking fraud doesn't count in the so-called global fight against terror or whatever). Add to that ATMs in some minor countries (Gulf states IIRC) are also quite permissive in international transaction validation.

      If one only uses ATMs with chip readers one might perhaps degauss the strip?

      Where I live there is a lot of security presence, mostly to prevent the homeless spending the night indoors during winter. (I know, it was the most often received answer when I asked the guards about the reasons for their presence)

      Chips have an additional hazard in that the sort that is pushed nowadays allows contactless transactions, introducing a different type of hazard.

      I would also be worried about POS terminals, which have a large potential for fraud even without the complicity of the shopkeeper. With the variety of designs out there there must be at least a few that have enough room to insert a chip+stripe+keypad recorder.

      1. David Ireland

        Re: Need an innovative solution

        Yes - has anyone tried this? Will terminals reject your card if the mag strip isn't present? I think I'll have to apply for a card to experiment with.

  2. M Gale

    Within the next few years...

    3D printers need a license to use! Which means the rest of us need to pay extra money and be subject to all kinds of data-rape in order to print a few cogs, whereas the sort of people who would print card skimmers.. will carry on doing so anyway. Possibly with stolen printers. Or maybe with your printer courtesy of a (metal) gun to the head.

    A few more headlines like that, and I can see it happening.

  3. Steve Todd

    Anyone who knows anything about the 3D printing process

    Knows that the Create it Real blocker is trivial to sidestep, and likely to be ineffective anyway. The kindest thing you could say about it is that it's a publicity stunt.

    Give people tools and some of them will use them for illegal purposes (cars to get away from the police for example). Find better ways of catching them and move on. Don't try to ban the technology, it's out of the box and people who do want to use it for illegal purposes aren't going to be worried about it being banned.

  4. Anonymous Coward
    Anonymous Coward

    I for one will be writing to David Cameron asking him to personally deal with the criminal menace and their use of technology. If anyone can make a difference then surely it's him.

    1. andreas koch
      Devil

      @ AC 1612h GMT -

      Don't forget to CC Claire Perry. 3D printers are surely a menace and should be blocked by default, because they are being used by child molesters and other sick people like porn watchers. Better outlaw all printers, I've heard these perverts actually print images with these things. Eeeww, makes you shudder how bad the world has become during the Labour government.

      Time to tidy up hard!

    2. Yet Another Anonymous coward Silver badge

      He is a tory - just tell him that 3d CAD systems are used in industry to actually manufacture products and they will be banned.

    3. LarsG
      Happy

      'I for one will be writing to David Cameron asking him to personally deal with the criminal menace and their use of technology. If anyone can make a difference then surely it's him.'

      Needed the heimlich manoeuvre done on me I was laughing so much with a gob full of Scots Oats.

  5. Captain Scarlet Silver badge

    Hmm

    Interesting Video, lets hope scammers dont use No More Nails!

  6. Ottman001
    Facepalm

    So, about this wonder technology that stops the manufacturing of guns and possibly card skimmers. What is to stop someone simply printing the same in more and more parts until the software can't recognise it? Pointless.

    1. Stoneshop
      Boffin

      For a gun, some parts such as the barrel you want to print in a single piece, to give them as much structural integrity as possible. Else you'll be futzing around with epoxy resin and acetone, to get the pieces to become one and you'll be cursing why you didn't build it from glass- or carbon-fiber reinforced epoxy in the first place.

  7. Benjamin 4

    Errrm. I would have thought that the whole world has managed to implement cards with chips in them by now, which would seem to defeat this. Please tell me there aren't places in the world so backwards that they still use magstripe only cards?

    1. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Since the article and video were about what is happening in Australia, my guess would be that Australia still uses mag-stripe.

        The UK still uses magstripe. If the chip and pin device can not read your card then they will use the magnetic stripe. Some places still have the old machines for taking an impression of the card for you to sign.

        1. Yet Another Anonymous coward Silver badge

          Everywhere still uses magstripe aswell - that's the 'genius' of the banks security.

          You get everyone to type their top-secret pin into the terminal at Honest Ahmed's Kebab House and Management consultancy, then have ATM's that still read the magstripe instead of the chip and use the same pin.

          It's like broadcasting the identical weather report every day in your top secret enigma code to U-boats and in Captain America decoder ring code.

    2. John Smith 19 Gold badge
      Meh

      @Benjamin 4

      "Please tell me there aren't places in the world so backwards that they still use magstripe only cards?"

      Indeed there are.

      Romania and Bulgaria for example.

      Surprising coincidence that's where the crooks seems to come from.

      1. DropBear
        FAIL

        Re: @Benjamin 4

        Wrong. For the record, Romanian banks actually DID pretty much transition to chip cards. Unless you're talking about some obscure branch of "Grand Bank of Nigeria" or similar, all newly issued / expired cards I've seen were chipped. As for how long it will take until the last magstripe-based ATM disappears - I believe there will be a lot of them remaining everywhere around the world for quite a while yet.

    3. T. F. M. Reader

      There are places in the world...

      "Please tell me there aren't places in the world so backwards that they still use magstripe only cards?"

      In lots of places in Europe you cannot pay with cards with chips, or at least you could not a couple of years ago. It is probably bugs or lack of backward compatibility, but in practice it got so frustrating to me in my travels (no, not in Ahmed's Kebab Joint - in major hotel chains, well known stores, and restaurants in various countries, etc.) that I requested to revert both of my credit cards to magstripe only. I did that after a receptionist at a German hotel and a manager of a very famous department store in Paris (a kind of store to which top of the line technology and personnel are rushed in a blink) confirmed on separate occasions that problems with chip'n'PIN cards were very common. Amazingly, my problems disappeared as soon as I got rid of the chips.

      One other thing I found out (may depend on country/bank/whatever, of course) is a subtle difference when you contest a transaction: with magstripe your signature is needed to prove that the transaction occurred, with chip'n'PIN, which is deemed more secure, as long as the PIN is recognized as correct (may be stolen just like the Ferret explains, or may not be correct but recognized as such as has been reported more than once) the transaction is deemed legal with or without your signature. Seems an important difference to me.

      1. PJI
        Holmes

        Re: There are places in the world...

        I can assure you, from experience as customer, victim and bank clerk, no one is able to check your signature that reliably. For one thing, there is a handy sample copy of your signature on the card.

        I believe one of the bigger risks is somebody simply shopping on line or over the telephone, especially the latter: no pin and no signature.

        The odd thing, to me, is that after all this time, the holes in the wall are still so badly designed and vulnerable and that magnetic strips are on all cards, not only by customer request, with appropriate waiver. If semi-third world countries such as USA can not keep up, but find their cards stop working in the developed world and that foreign tourists and businessmen in those countries can not spend money so easily, I suspect chip and pin will take off like a rocket in those countries.

        Note that banks are adopting two strategies at least:

        1. monitoring usage patterns so that they can see, automatically, any sudden, "out of character" bills.

        2. geographical limiting: making the card valid within restricted, geographical areas and requiring the customer to request widening this area.

        So some crook trying to use your card in the USA would find it harder on two grounds.

  8. Tom 35

    The real problem

    Forget guns, and skimmers. Clearly the real problem is people might print their own Disney figures.

    1. plrndl
      Childcatcher

      Re: The real problem

      If fraudsters start printing Disney characters, you can be sure that the entire weight of the American Industrial Military complex will bear down on these miscreanrts. To protect the children from fake Mickeys, of course.

      1. Tom 35

        Re: The real problem

        But they are just taking the mickey...

    2. P. Lee
      Facepalm

      Re: The real problem

      There's far more at stake in that issue than in bank fraud.

  9. Velv

    ATM makers will just need to make the front of the machine more complex. There's too much blank grey space at the moment, plenty of place to embed holograms at surface level or something else difficult to copy or print.

    Or we just ban 3D printers - banning things seems to be the favoured option of most MPs these days.

    1. andreas koch
      Devil

      @ Velv -

      >. . .

      banning things seems to be the favoured option of most MPs these days.

      <

      Mostly CP*.

      Not child porn, Claire Perry, MP Devizes.

    2. Robert Helpmann??
      Joke

      Security through Complexity

      ATM makers will just need to make the front of the machine more complex.

      Adding another few factors to the authentication process ought to sort things out. To the thing we already have (card) and the thing we know (key code), lets add a DNA swipe, retinal scan, finger toe print, facial recognition, state-issued ID, plus a short written test. One of those might do the trick.

    3. Stoneshop

      There was an article recently about a slot design that would make magstripe skimming a lot harder. The card would be inserted broadside, so that the stripe doesn't pass lengthwise over a single point in the slot, then rotated once fully inside the machine.

      Of course, rotating would only be necessary if the ATM needed to read the magstripe in the first place, otherwise it's just additional mechanics that can fold, spindle and mutilate your card. Having a read head that moves on a spindle is a long-solved problem problem anyway, so that's a more suitable solution for reading the stripe.

      As for protecting the keypad against overlays, maybe have a close-fitting cover over it that slides off after you've inserted your card?

    4. Peter Gathercole Silver badge

      Ban 3D printers?

      And vacuum and injection moulding machines as well?

      It's well within the realm of your average senior school metal/woodworking/craft shop to fabricate some very convincing and well made devices without using a 3D printer. It's just a bit slower, needs some reasonable skill, and you can't distribute the model data over the Internet as data. But you can still send the dimensions and blueprints.

  10. Chris T Almighty

    Perhaps the banks could introduce some actual security.

    Trying to stop skimming is almost impossible, so lets solve the real problem - that anyone can help themselves to our money just by knowing a couple of secret numbers. Facial, iris, fingerprint, and voice recognition could all be used, or cards themselves could have copy protection. It's just crazy that someone who isn't me, looks nothing like me, and who doesn't have my bank card can pretend to be me so easily.

    1. tom dial Silver badge

      Re: Perhaps the banks could introduce some actual security.

      But think of the privacy invasion!

  11. Smeg77

    Turn Captions on

    Re-watch the video and turn captions on, then skip to 1:33 it's has to be the best snafu going.

    "look over your shoulder to see your penis you entered"

    Instant classic :)

    1. John Smith 19 Gold badge
      Happy

      Re: Turn Captions on

      ""look over your shoulder to see your penis you entered"

      Instant classic :)"

      That what commercial grade voice to text recognition looks like.

      Impressive is it not?

  12. Smeg77

    Captions

    Actually watch the whole vid with captions turned on, quite a lot of it doesn't make sense, and then there are just amusing mistakes.

  13. Vociferous

    I was kindof wondering why the ATM machine had a snot-green card slot.

  14. John Tserkezis

    Manufacturers might conceivably decide to do something similar to prevent 3D printers from being used to manufacture ATM skimmer parts.

    Shortsighted of an ElReg reporter to say this, after all, once you get through all the things you can't do, what's left that you can do?

    1. Destroy All Monsters Silver badge

      The Halting Problem must already have been solved. Why didn't I hear of it?

  15. John Smith 19 Gold badge
    Happy

    "Eduaction and awareness are our best weapons"

    Now if you could just make David Cameron and Clare Perry believe that you might be on to something.

    Incidentally if you're wondering how card scammers can afford a commercial grade 3d printer that's simples.

    They bought it on (someone else's) credit card of course.

  16. Zot
    Big Brother

    I worked with someone who discovered a skimming device.

    A couple of wires had come loose from the top. As he tugged at the wires in confusion as to what they were, two guys got out of a car behind him, and beat him to a pulp! I think he'll call the police before interfering with a crook's hardware in future.

    1. Destroy All Monsters Silver badge
      Trollface

      Re: I worked with someone who discovered a skimming device.

      Ok, so he would get out his phone, THEN two guys get out of a car and beat him up. Great.

      He should have knifed the mofos. Deeply. Eleganty. While laughing hysterically.

      It would look good on surveillance camera.

      Ah, hold on. This is the UK, knives are considered weapons of mass destruction. Oh well.

    2. Anonymous Coward
      Anonymous Coward

      Re: I worked with someone who discovered a skimming device.

      I found one of those devices at a bank in Canada. The skimmer itself was quite professional looking - molded plastic to fit exactly over the card reader. Very difficult to tell it was there. However, the camera monitoring the keypad was awful and very noticeable if you bothered to look.

      I removed the devices, finished my banking and prepared to go to the local police station. By the time I finished, there were two "gentlemen" in line behind me who grabbed the things from me and ran away. I didn't get beat up, possibly just lucky that other customers were around. I always thought these things were monitored remotely, but clearly not as remotely as I would have liked.

      I reported the incident anyway, and a policeman actually called me back a few days later, saying they got photos of the individuals involved from the bank cameras and told me they were affiliated with a Romanian criminal organization. I have no idea if that was actually true or how exactly they knew that, but was impressed that they even bothered to call and update me on the investigation.

  17. jonfr

    RF card needed

    A new type of RF chip is needed for bank cards. It also needs to be in the high frequency range. Up in the 500Ghz range and with highly limited range (part of that comes naturally at this high frequency).

    1. Adam Foxton
      Coat

      Re: RF card needed

      That's half the required frequency. It should be in the Terahertz range.

      Because it hurts Terror[ists].

      It's the one with the tinfoil-lined pockets, thanks!

  18. babayaga

    tens of thousands of people?

    > affecting tens of thousands of people and stealing around AU$100,000 (US$92,000).

    So around $5 each, basically?

This topic is closed for new posts.

Other stories you might like