ATM Security Alert: Deep-Insert Shimmer Attack

Advisory Warning

FTSI recently discovered a deep-insert shimmer device on an ATM unit, even though the new NCR Tamper Resistant Card Reader (TRCR) was installed in the unit.

deep_insert_shimmer

The device was discovered after alerts from customers were reported of their debit cards getting stuck or jammed in the card reader. Upon inspection of the ATM card reader, the deep-insert shimmer was found within the NCR TRCR as the obstruction that was causing the card jam.

The deep-insert shimmer found is a new type of shimmer that was created to capture the EMV chip off debit cards being inserted into the card reader. The pin camera for this attack was discovered behind the task light upon further investigation. Review task light pin camera information and safety recommendations.

 

deep_insert_shimmer_ncr_cardreader

 

NCR Tamper Resistant DIP Card Reader

card reader, reducing the height of the card path from 1.3mm to 0.84-0.99mm to mitigate deep-insert skimming/shimming attacks, was able to create an extra layer of protection to alert users and branch staff that the card reader had been tampered with.The TRCR embedded card protection plate that is built directly into the 

Without the TRCR, ATM users would have been able to easily insert their cards without obstruction, never knowing the device was compromising their data. ATM Anti-Skimming Security Solutions.

 

Recommendations and Guidance

Please be aware that these forms of attacks are an industry-wide issue and there are no 100% guarantees for the protection of your ATMs and your customers. Criminals are constantly evolving the skimming/shimming devices to bypass security in place, so it is important to have routine ATM checks to lookout for any signs of tampering.

  • Monitor Your ATM Activity Daily: Branch staff should inspect each ATM multiple times a day to look for signs of suspicious activity. Also regularly review your security footage to inspect for any suspicious activity at your ATMs. Remember: it only takes about 30 seconds to insert a skimmer/shimmer, so multiple ATM checks are recommended to catch ATM tampering before your customers' data is compromised.
  • Review Your ATM's Physical Appearance: Compare your current ATMs against an image of what the ATM originally looked like to see if any surface changes have been made to it. Feel around the surface of the fascia for any signs of raised surfaces that might indicate a tampered piece might be attached to the ATM. If you notice anything suspicious, please contact local authorities immediately to investigate, and follow up with FTSI to assist in a thorough security check on your ATM fleet.

    Review this information with your branch staff to create awareness and to conduct routine ATM security checks. Please contact FTSI with any additional questions or request for information.

 

Tags: ATM security, Skimming, Credit Unions, deep insert skimming, camera, alert, banks, advisory warning, Branch Security