Online Gang Plans Mass 3D Printing of ATM Skimmers
An online criminal group is offering to 3D-print ATM skimmers and fake point-of-sale devices as a service for credit-card thieves.
Three-dimensional printing hasn't changed many industries, but one that has been affected is the credit-card-theft industry. For a few years now, enterprising card thieves have used 3D printers to make card "skimmers" that fit snugly over the card slots on ATMs, gas pumps and in-store point-of-sale (PoS) devices.
But 3D printing has often been slow and expensive. So at least one criminal group has taken skimmer-making to the next level: The group plans to mass-produce, through 3D printing or through more old-fashioned methods, fake ATM parts and PoS devices.
MORE: 13 Security and Privacy Tips for the Truly Paranoid
"We have resources to mass produce ATM skimmers, also VeriFone Verix terminals models Vx510, 670, 810 Duet," reads an ad on an underground "carder" website spotted by TrendMicro's Security Intelligence blog. (VeriFone is one of the largest suppliers of in-store PoS devices in the United States.)
"We offer 24/7 support," the ad, which was posted Feb. 27 on the Lampeduza Republic carder site by a user called "Gripper," continued. "We have bases in Moscow, South Africa, USA and also the UK."
In a posting from March 7 seen by Tom's Guide, Gripper offers ATM overlays for people building their own skimmers, and promises PoS overlays, including 3D-printing files and Bluetooth-enabled skimmers that transmit stolen card data over distances of more than half a mile.
"As promised, ATM bezels for sale. Cheapest on the Web. Order from 200 to 250 maximum. That's right, 250 USD not pounds," Gripper wrote. "As many as you want, any shape and size. All we need is the model and you can make your own skimmers."
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
"Orders over 10 we can talk on price. Production time is three to five days depending on the make and amount," he continued. "Coming soon, also PoS overlays and schematics. The future of skimming online and Bluetooth with a range of 1K meters. Join the fastest growing team on the Web."
Compared to the massive Target data breach this past December, in which 40 million card numbers were stolen, skimmers are a slow and fairly inefficient way to steal credit- and debit-card data.
However, skimmers are also easy to use. Thieves simply slip into an ATM vestibule in the middle of the night and glue the skimmer over an ATM's card slot, then wait for customers to use the ATMs. Cards are skimmed twice, once by the ATM and once by the skimmer, which is designed to blend into the rest of the ATM.
Until a couple of years ago, thieves had to return to the ATMs to retrieve the skimmers and their accompanying memory chips. But many skimmers now have built-in Bluetooth chips allowing thieves to simply park outside and retrieve the stolen data wirelessly.
Gripper seems to be part of a truly international organization, as another posting seen by Trend Micro indicates.
"We have the power to mass produce these ATM skimmers with the latest technology," Gripper wrote. "We are not buyers and builders. We have all files needed and printing facilities in China. Also we have files to mass produce MSRV [magnetic-stripe-reading] electronics."
In the U.S., credit-card owners are usually not liable for fraudulent charges of more than $50, and debit-card owners have similar protections if they notify their card issuer as soon as they learn of fraud.
Nonetheless, it's always a good idea to review your credit-card and bank statements every month, and to constantly monitor your bank balance for unexplained spending.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.