Forum Library
Professional
There is a great deal of information on the methods and systems for protecting ATMs in the public domain, an inquisitive mind has long found everything and read it and wound it on a mustache. To my regret, 90% of individuals who come to skimming were deprived of intelligence and did not go far from our ancestors of monkeys, and to be precise, their head is intended only to wear a hat and eat in it. Therefore, we often hear a lot of stupid questions and stories about fantastic protection systems caused by technical illiteracy or inflammation in the part of the head where the brain is usually located.
Okay, let's not understand the reasons for human stupidity, but let's talk about how ATMs protect from our brother and dispel a little the veil of mystery from these magical systems.
I will analyze it using the example of SPS from NCR, similar solutions are used by other ATM manufacturers, as well as companies engaged in the development of anti-skimming protections, other names, but the principle is the same - no one likes to reinvent the wheel twice.
The ATM itself is not a cheap toy and the means of its protection are also not cheap, for example, a noise generator from TDM costs about $ 2000, so the ATM protection system depends only on the banker's pocket and his desire to protect himself and has nothing to do with the novelty of the ATM model , so you can find a fairly new ATM in which you can cram nails, and a fairly ancient protected one like Fort Knox.
SPS - skimming protection solution from NCR company consists of 4 levels of protection against various types of attacks on ATMs and can be used both in combination and separately.
1. Detection of unusual objects located near the reader.
Reports the presence of these objects
Informs about failures or attempts to disable this system.
Displays the ATM in out of services if the cardholder's data is at risk (depending on configuration)
2. Electromagnetic noise at the frequency of reading magnetic information around the entrance to the reader.
Informs about failures or attempts to disable this system.
3. Detecting and reporting the opening of the ATM door.
4. Detection and reporting of ATM drilling.
Now let's consider in order what it is.
Detection - The detection loop works by measuring the capacitive field around the card's entrance to the reader. Continuously monitors this field for changes that might indicate that an object has been placed near input. The reaction time is from 30 seconds to 3 minutes, depending on the settings made by the service personnel.
As you understood from the description, this protection is designed to find overhead skimmers, but its disadvantage is that it reacts to precipitation, such as rain and snow, so in most street ATMs it does not apply or is automatically disabled when it rains (depends on the settings that the service personnel will make).
Frequency noise - generate an electromagnetic field, which leads to the fact that when data is recorded using the so-called flash skimmers, information cannot be decoded, or not recorded at all.
With this protection, I think everything is clear - a noise generator at the frequency of a signal written on a magnetic tape. Easily bypassed with audio chips or shielding in overhead skimmers or internal skimmers.
Door open alarm - can be connected to a door switch or integrated with a supervisor loop via an input signal. Then the position of the upper door can be reported.
Here I also think everything is clear - this is a common alarm as it is on your home door - a reed switch and a magnet. You can bypass by fixing a powerful magnet at the location of the sensor, testing for vulnerability was not possible, assembly according to the "trap" scheme is possible then - hello to the family, but in practice we rarely met specialists who know about this assembly, so go for it.
Drill Protection - An optional drill sensor can be installed behind the card reader I / O slot. It is used to detect and alert attempts to drill a hole through a rail with the intention of fixing the internal skimmer to the reader, or with the intention of disabling detection or malfunctioning functions.
Here, too, everything is simple - an ordinary vibration sensor, which is used in weapon safes and money vaults on the walls. It will be difficult to bypass this device, since it all depends on the sensitivity that the installer will set; with a high threshold, you can glue the vibroplast at the drilling site and drill at low speeds.
They also use the so-called jitter or interupter - these are devices that are connected to the motor of a motorized reader and slow down or interrupt the movement of the card.
Modern msr and asr easily deal with the problem of reading at low speeds as well as interrupts.
I also want to note that jitters and interupters, as well as jammers, are turned off after the shutter shutter closes when the card enters the reader, so these types of protection cannot withstand internal skimmers.
As you already understood, the main emphasis in protection is placed on countering overhead skimmers.
NCR tried to defeat the internal skimmers by releasing the APTRA XFS 06.05 firmware, but failed in this opposition, this protection is easily bypassed by adding magnetic tape to the internal skimmer.
Having admitted defeat in August 2018, NCR issued a recommendation to install mechanical protection in readers.
Mechanical protection from NCR company
Razor 1 - a pad installed on a metal rail in a groove for internal skimmers
Razor 2 is an anti-magnetic strip on a metal rail to protect against internal skimmers, fixed with magnets, as well as mechanically.
It is bypassed by special modifications of the housings of the internal skimmers that cling to other parts of the reader.
Another manufacturer of mechanical protection and not only is TDM, which has released a whole line of CPP (card protection plate) for various readers of the most common ATMs such as Diebold, NCR, Hitachi, Nautilus, Wincor.
The meaning of the work is very simple - it removes the internal space of the reader in which the internal skimmer is usually located.
I did not have the opportunity to hold these plates in my hands, but I met figures who pull them out of the reader with the help of a special hook, since this miracle is attached with a flimsy tin on one bolt.
At the last presentation dedicated to skimming protection, NCR announced the release of a new modification of the motorized reader from Sankyo, in the new modification the plastic rail was changed and the internal space was reduced thereby the location of the internal skimirs was removed, as well as the size of the pre-reader slot for protection against the so-called slotted skimmers was reduced.
Also recently, a novelty from, if I am not mistaken, a Spanish security company caught my eye, which in their anti-skimming protection kit, in addition to the above-listed generators and overhead skimmer detectors, added capacitive protection against internal skimmers installed in smart readers (readers without a motor) , for motorized readers, such protection is technically very difficult to implement due to the configuration of the reader.
Since the new product is only a few months old to test how and what it reacts to and how to get around it - there was no possibility, I hope we will soon pick what kind of animal it is.
I also saw protection complexes, which, in addition to the above, include capacitive detectors, which are installed on the inner surfaces of the ATM, in the places where cameras are attached for recording pincodes. When the object is placed at the location of the sensor, within 30 seconds to 3 minutes, it sends the ATM to out of service and sends a message to the bank. I think from the description it is clear how to detect the presence of this protection, well, it manages to locate the camera in another place.
There are situations when, when installing an internal skimmer, the ATM goes out of service, this is not due to the notorious skimming protection, but to the incorrect configuration of the skimmer, which causes an error, the ATM reboots and continues to work with the skimmer installed inside. Whether a message is sent to the bank or not has not been checked, but the fact that it gets into the event log is 100%.
Information was collected bit by bit, and somewhere on our own experience, so to speak, by a scientific poke. Here I tried to present it briefly and accessible for people far from electronics while answering frequently asked questions.
It is clear that you want everything in one place at once, and most importantly for nothing, but this does not happen.
I can only say that refueling readers, as well as readers on ticket vending machines, parking meters, are very primitive and often very cheap, they don't really care about the protection of such devices. If you carefully study this issue, you will notice that the main protection at gas stations is an anti-tamper PayPaler, as well as police raids with skimmer detectors both to check the reader for the presence of an internal skimak, and bluetooth detectors to detect bluetooth skimmers connected to the reader's bus inside station. Well, now there are bluetooth signal jammers, since this type of skimmer is the most common at gas stations.
In general, the confrontation continues and there will be no end to it.
Success in business.
Okay, let's not understand the reasons for human stupidity, but let's talk about how ATMs protect from our brother and dispel a little the veil of mystery from these magical systems.
I will analyze it using the example of SPS from NCR, similar solutions are used by other ATM manufacturers, as well as companies engaged in the development of anti-skimming protections, other names, but the principle is the same - no one likes to reinvent the wheel twice.
The ATM itself is not a cheap toy and the means of its protection are also not cheap, for example, a noise generator from TDM costs about $ 2000, so the ATM protection system depends only on the banker's pocket and his desire to protect himself and has nothing to do with the novelty of the ATM model , so you can find a fairly new ATM in which you can cram nails, and a fairly ancient protected one like Fort Knox.
SPS - skimming protection solution from NCR company consists of 4 levels of protection against various types of attacks on ATMs and can be used both in combination and separately.
1. Detection of unusual objects located near the reader.
Reports the presence of these objects
Informs about failures or attempts to disable this system.
Displays the ATM in out of services if the cardholder's data is at risk (depending on configuration)
2. Electromagnetic noise at the frequency of reading magnetic information around the entrance to the reader.
Informs about failures or attempts to disable this system.
3. Detecting and reporting the opening of the ATM door.
4. Detection and reporting of ATM drilling.
Now let's consider in order what it is.
Detection - The detection loop works by measuring the capacitive field around the card's entrance to the reader. Continuously monitors this field for changes that might indicate that an object has been placed near input. The reaction time is from 30 seconds to 3 minutes, depending on the settings made by the service personnel.
As you understood from the description, this protection is designed to find overhead skimmers, but its disadvantage is that it reacts to precipitation, such as rain and snow, so in most street ATMs it does not apply or is automatically disabled when it rains (depends on the settings that the service personnel will make).
Frequency noise - generate an electromagnetic field, which leads to the fact that when data is recorded using the so-called flash skimmers, information cannot be decoded, or not recorded at all.
With this protection, I think everything is clear - a noise generator at the frequency of a signal written on a magnetic tape. Easily bypassed with audio chips or shielding in overhead skimmers or internal skimmers.
Door open alarm - can be connected to a door switch or integrated with a supervisor loop via an input signal. Then the position of the upper door can be reported.
Here I also think everything is clear - this is a common alarm as it is on your home door - a reed switch and a magnet. You can bypass by fixing a powerful magnet at the location of the sensor, testing for vulnerability was not possible, assembly according to the "trap" scheme is possible then - hello to the family, but in practice we rarely met specialists who know about this assembly, so go for it.
Drill Protection - An optional drill sensor can be installed behind the card reader I / O slot. It is used to detect and alert attempts to drill a hole through a rail with the intention of fixing the internal skimmer to the reader, or with the intention of disabling detection or malfunctioning functions.
Here, too, everything is simple - an ordinary vibration sensor, which is used in weapon safes and money vaults on the walls. It will be difficult to bypass this device, since it all depends on the sensitivity that the installer will set; with a high threshold, you can glue the vibroplast at the drilling site and drill at low speeds.
They also use the so-called jitter or interupter - these are devices that are connected to the motor of a motorized reader and slow down or interrupt the movement of the card.
Modern msr and asr easily deal with the problem of reading at low speeds as well as interrupts.
I also want to note that jitters and interupters, as well as jammers, are turned off after the shutter shutter closes when the card enters the reader, so these types of protection cannot withstand internal skimmers.
As you already understood, the main emphasis in protection is placed on countering overhead skimmers.
NCR tried to defeat the internal skimmers by releasing the APTRA XFS 06.05 firmware, but failed in this opposition, this protection is easily bypassed by adding magnetic tape to the internal skimmer.
Having admitted defeat in August 2018, NCR issued a recommendation to install mechanical protection in readers.
Mechanical protection from NCR company
Razor 1 - a pad installed on a metal rail in a groove for internal skimmers
Razor 2 is an anti-magnetic strip on a metal rail to protect against internal skimmers, fixed with magnets, as well as mechanically.
It is bypassed by special modifications of the housings of the internal skimmers that cling to other parts of the reader.
Another manufacturer of mechanical protection and not only is TDM, which has released a whole line of CPP (card protection plate) for various readers of the most common ATMs such as Diebold, NCR, Hitachi, Nautilus, Wincor.
The meaning of the work is very simple - it removes the internal space of the reader in which the internal skimmer is usually located.
I did not have the opportunity to hold these plates in my hands, but I met figures who pull them out of the reader with the help of a special hook, since this miracle is attached with a flimsy tin on one bolt.
At the last presentation dedicated to skimming protection, NCR announced the release of a new modification of the motorized reader from Sankyo, in the new modification the plastic rail was changed and the internal space was reduced thereby the location of the internal skimirs was removed, as well as the size of the pre-reader slot for protection against the so-called slotted skimmers was reduced.
Also recently, a novelty from, if I am not mistaken, a Spanish security company caught my eye, which in their anti-skimming protection kit, in addition to the above-listed generators and overhead skimmer detectors, added capacitive protection against internal skimmers installed in smart readers (readers without a motor) , for motorized readers, such protection is technically very difficult to implement due to the configuration of the reader.
Since the new product is only a few months old to test how and what it reacts to and how to get around it - there was no possibility, I hope we will soon pick what kind of animal it is.
I also saw protection complexes, which, in addition to the above, include capacitive detectors, which are installed on the inner surfaces of the ATM, in the places where cameras are attached for recording pincodes. When the object is placed at the location of the sensor, within 30 seconds to 3 minutes, it sends the ATM to out of service and sends a message to the bank. I think from the description it is clear how to detect the presence of this protection, well, it manages to locate the camera in another place.
There are situations when, when installing an internal skimmer, the ATM goes out of service, this is not due to the notorious skimming protection, but to the incorrect configuration of the skimmer, which causes an error, the ATM reboots and continues to work with the skimmer installed inside. Whether a message is sent to the bank or not has not been checked, but the fact that it gets into the event log is 100%.
Information was collected bit by bit, and somewhere on our own experience, so to speak, by a scientific poke. Here I tried to present it briefly and accessible for people far from electronics while answering frequently asked questions.
It is clear that you want everything in one place at once, and most importantly for nothing, but this does not happen.
I can only say that refueling readers, as well as readers on ticket vending machines, parking meters, are very primitive and often very cheap, they don't really care about the protection of such devices. If you carefully study this issue, you will notice that the main protection at gas stations is an anti-tamper PayPaler, as well as police raids with skimmer detectors both to check the reader for the presence of an internal skimak, and bluetooth detectors to detect bluetooth skimmers connected to the reader's bus inside station. Well, now there are bluetooth signal jammers, since this type of skimmer is the most common at gas stations.
In general, the confrontation continues and there will be no end to it.
Success in business.
