Mexico resort towns are now lurking with sophisticated ATM skimmers.
A skimmer as defined by Brian Krebs is an electronic device which is used by criminals to steal your bank account number and PIN.
The skimmer device is inserted in the card slot of an ATM. Upon inserting your card into the card reader slot of the ATM, all your bank personal information is harvested and transmitted wirelessly to a remote location.
Owning a skimmer is illegal and being caught with one in Mexico will definitely land you in hot soup. However, according to Krebs, he carried one in Sept the 9th 2015 when going to Mexico to help him carry out a sensitive ATM investigation task. He passed through the Yucatan Peninsula on his way to Cancun.
On this particular trip, Krebs was interested in establishing whether skimming happens in Mexico and if so how rampant it was. In just one trip through Mexico, he discovered 19 ATMs which had been compromised from the inside with tiny sophisticated electronic devices that were able to read customers’ account numbers and PINs and then transmitting the same wirelessly.
Earlier in the year, a Mexican ATM firm supposedly wanted to be advised on the best way to deal with a new ATM fraud of unmatched sophistication and bravado. The fraudsters seemed unparalleled in terms of organization and expertise. It is then that Krebs got interested.
Given the high reprisal crime rate in Mexico, the names of the company and that of the contact person in the ATM Company had to be skipped in Krebs’ story. The contact person of Krebs alleged that several of the ATM’s maintenance technical staff, particularly in Cancun, were approached by Eastern Europe-looking men. They would be offered a deal which would ultimately enable them to make over 100 times their salary if they only agreed to allow the criminals into the inside of just one ATM.
It was discovered that one of the technicians who was in charge of a busy ATM had accepted the offer. But this was only after the amount was increased and the criminals became relentless.
Even though the compromised employee got axed eventually, the information that he provided played a critical role in helping stop the criminals. The company tested the skimming device first-hand. After installing it on ‘empty’ ATMs and turning the devices on, they picked a ‘Free2Move’ Bluetooth signal coming from the device.
This new fraud shows just how far criminals are prepared to go.