Alarm maker uses radiation to nuke ATM card skimmers

ADT harnesses electromagnetic pulses to protect ATMs, customers from having data stolen

Banks may be where the money is, but if your interest is in taking what you can get whether it's yours or not, there are a lot of much simpler places to rob.

ATMs, for example, hold a lot of money, and are easier to crack than an actual bank.

Stealing whole ATM units, often using a pickup truck is still a popular way to pick up a few bucks ($80,000 in this case in December), not that the pickup-truck technique always works.

If you like things a little more subtle, social engineering works, too. In March there was a spate of ATM robberies in which thieves used glue to disable the "Clear" and "Enter" keys on ATMs attached to a bank. Customers who put in their card and PIN got stuck, unable to use the keypad to enter their preferences, unable to get their cards back out.

When the customer went into the bank for help, the thieves slid in, freed the glued keys and had their way with the already-open bank accounts.

Card trapping offers a more techie approach in which thieves slide a mechanism to trap an ATM card into the machine's card slot. Later, playing the helpful stranger, the thief offers to help another customer whose card has been trapped, getting a look at the victim's PIN number along the way. After the customer leaves, the thief retrieves the card, the trap and the customer's money.

Card skimming is more technical and a lot cleaner (less human contact).

Card skimmers place magnetic-strip readers on ATMs near the card slot to record the account numbers of customers as they slide their cards in.

The FBI is prosecuting a pair of Bulgarian brothers it alleges ran a card-skimming scheme that let them steal more than $1 million from New York-area ATMs.

Thieves write the magnetic data they've stolen onto blank cards, and use the fakes to withdraw money or make purchases directly.

The average loss per skimming attack for the bank is $50,000 according to the Secret Service.

Cards embedded with smart chips to enforce PCI or ENV security and encryption can limit the losses somewhat, but are not widespread enough to address it all.

ADT Business Solutions just came out with a way to use an atmospheric affect best known for arriving immediately after a nuclear explosion to stop skimmers in their tracks.

The device is installed on or near the ATMs, rather than on the cards to make it easier for ATMs to defend themselves against skimmers.

Once installed, the device emits electromagnetic pulses (EMP) – waves of electromagnetic energy that is thick around the back of CRT-based TVs or computer monitors, energy that creates static on nearby radio stations and which follows nuclear explosions with bursts of electromagnetism strong enough to permanently destroy electronics.

The EMP generators ADT wants to build into ATMs aren't anywhere near that level of lethality. Instead they create static that makes it impossible for any magnetic-card reader to operate except the one that's in the machine itself.

"By placing the device in close proximity to the ATMs' factory card reader, it can block the operation of another card reader placed nearby without affecting the ATM," according to John Pearce, director of marketing with ADT Business Solutions. 

The EMP devices have to be calibrated to allow the ATM's reader to work while stopping any others from working by soaking them with static.

Kits to build the EMP units into ATMs cost about $2,000 per ATM, though the average $50,000 loss per skimming incident should cost-justify the added security, Pearce said.

About 150 have been deployed so far according to Security Management, though no banks have yet admitted installing one.

No word from ADT yet whether there's a more powerful version that could also burn out the engine in a pickup truck before it pulls the ATM from the wall. I'm sure something like it is on the way, though.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies