Changing Risk, Risking Change: Skimming

How ActiveEdge™ made skimmers utterly useless with a simple 90-degree change.

Note: This post is part of a series dedicated to helping financial institutions better understand how they can protect themselves in a constantly changing security environment. Earlier, we discussed physical security and malware attacks. Join the conversation with Diebold security experts by leaving a comment below or contacting Diebold directly.

“Skimming,” when an ATM is compromised by a card-reader device, accounts for 98% of financial losses at the ATM, according to ATM Marketplace. Most of the world has migrated to EMV cards, which feature an embedded chip to circumvent these devices, and the U.S. is in the process of implementing the chip. While consumers can greet this change with a sigh of relief, there is still a serious problem to address.

Most cards, whether they’re EMV or not, still have the traditional magnetic stripe on the back. And with that magnetic stripe comes the risk of skimming attacks. In Europe, where cards have been completely migrated to EMV, skimming continues to be an issue.

“The use of card reader internal skimming devices appears to be on the rise,” reports ATM Marketplace in a 2015 article on European ATM security. The same evolution of technology that made our phones slimmer and lighter has been used to make skimming devices smaller and more difficult to detect. Readers that were once bulky and external are now small enough to be inserted into the card slot, so any card with a magnetic strip that’s inserted, EMV or not, is vulnerable to a data breach.

But skimmers do have a vitally important flaw: Today, they’re not compatible with a moving internal head. Traditional ATMs feature a stationary head inside the terminal, which “reads” a card’s information as the magnetic stripe slides across it.

Diebold’s team of innovators flipped the technology: now consumers slide their cards into a terminal long edge first, and our ActivEdge technology moves the internal head across the card’s stripe to gather information.

That simple, 90-degree turn renders all known skimming devices useless.

But that’s just the first level of protection.

As thieves innovate their own tactics, they may attempt to access the wires on that moving magnetic head, thus capturing the signals as it reads a card. To combat that risk, ActivEdge also encrypts the data from the magnetic head — so any data that is captured is unreadable.

And what if someone tries to replace the entire card reader? Diebold’s internal security systems are smart enough to know when a component has been removed or replaced, and can sound the alarm for the ATM fleet manager.

Change can be difficult. Asking consumers to switch the orientation of their card in order to use a terminal requires them to change their behavior — something that can sound daunting. However, based on extensive, global consumer studies, we’ve found that once people understand the security benefits, ActivEdge is almost universally accepted. In fact, eight out of 10 users were able to understand the change intuitively, and 92% of them chose it as their most desired experience.

We’ve talked about some of the many circumstances where change can increase risk. ActivEdge is a change that can decrease risk. In the (perhaps not too distant) future, even cards will be unnecessary. You can see the possibilities in our Millennial-inspired ATM design. But until that day, ActivEdge is an innovative change that mitigates a tremendous threat, one that costs the industry an estimated $2 billion per year.

How much did skimming cost your FI last year? Find out more about ActivEdge and how your ATM fleet could be updated, here.