If a thief successfully uses your card, the chip allows your bank to say, “You let someone have your PIN number so it’s not our fault. NO MONEY FOR YOU!”
Great name! Say it with me: Deep. Insert. Skimmers.
Sounds techy, yes, but in a dangerous, kind of pervy street-level butchershop implant way. So cyberpunk.
Depends on how the bank uses it. If the ATM just gets the account number out of the chip and sends that along in plaintext with your PIN, then it is exactly like the magnetic stripe. A skimmer could simply read the bits as it passes them through to the machine.
But if the reader system is properly designed, your PIN will be accepted by the chip, and every other transmission will be enciphered by the chip. It has enough processing power to do that. It has to be correctly designed, though, to change the cipher every time. If it does that, the bits captured by the skimmer will not be re-usable.
Don’t know why crooks need to make the super small skimmers. Doesn’t seem like they are needed when the banks seem to go out of their way to use ATMs that look as if someone has glued a giant skimmer to them.
How the hell am I supposed to know if someone has put a skimmer on this ATM?
Not exactly tamper evident.
Ah, yes, this confusion arises a lot. What Europeans call a “chip”, Americans call a “French fry”. So it’s a totally different system.
I still miss the old days of the key-clunk-chunk handheld device into which you inserted the card plus a preprinted carbon-copy duplicate form. Analog baby, analog.
This is only one half of the puzzle though, they also need your PIN, which is usually obtained via a tiny camera. Always obscure your finger movements when entering your PIN, even when there’s nobody around.
That’s good advice, but it can be difficult if you have certain physical disabilities.
I’m curious if the ATMs that “eat” your card and cough it back in are less vulnerable than the ones that read on a single swipe.
Always. I find doing interpretive dance at work is a good way to keep anyone from looking at my finger movements.
EE question: would it be possible for these skimmers to recharge their batteries by inducing a current from the card’s magnetic strip? The field is probably too small.
How so? Just pretend to press some keys while not really pressing them.
I don’t want to promote my bank, as I hate them for other reasons. They’ve got fairly tamper evident ATMs though.
I was under the impression that doing that was the entire point of the chip-and-pin system.
The banking industry took shortcuts, because time is money. The current system doesn’t even do challenge / response properly. (The US chip / sig system is worse.)
I’ve recently decided to start doing this after reading yet another article about compromised ATMs. I rarely need to obtain cash since the majority of my transactions are done with a credit card. No more 7/11 ATMs.
I have one, used it for years in my print business until we got those ripoff credit card processing machines. When the chip cards came in you had to upgrade or got dinged extra for the processing. I’m in Canada where the bank and credit cards have chips and you have to enter a PIN if you use the card at a merchant. (Though I noticed that wasn’t the case in the US, they just made me do the signature).
Anyway the old hand imprinter came in handy for craft shows etc. but lately I’ve used the Square card processor which attaches to a smart phone and just has people sign, instead of a PIN - though it is only for credit cards, not debit. (Have to say it works well, no monthly fees, they charge 3% which is higher than the credit card processors but then there is no monthly charge for the machine, statement fee, and various bs charges they tack on)…
One processor, Moneris, I dropped when I noticed on a couple of occasions their math did not add up, i.e. 1.8% of x amount of card transactions was off by $65 in their favour. Now you would only notice that if you do the math yourself, but who actually checks the math on a statement?
A photo on the ATM “insert card” screen that says “the card reader should look like this [photo] - if it doesn’t, please call 888-123-4567”?
(sorry… out likes… enjoy this Capt. Jack gif instead!)
This should be a problem for banks more than it is for customers. The bank should refund anyone who has lost money through using an adulterated ATM. At least that gives banks a strong financial incentive to come up with ways to make their ATMs more and more secure.
[Yes, I’m aware that should isn’t necessarily a guarantee. And no, I wouldn’t wish this experience on anyone even if their bank acts as it ought.]