New skimmers fit right on top of chip and PIN credit card scanners

As usual Mr. Krebs has some great images of a credit card skimmer found in the wild.

This model uses Samsung phone parts and lays right over the Ingenico card scanners you’ve probably seen in stores. The interesting thing is that these scanners also support chip and PIN technology but, as evidenced by the photo, it looks like the retailer disabled it essentially sending the scanner back into the 1970s and allowed the skimmer unfettered access.

Two things are going on here. First, chip and PIN scanners are ostensibly safer and therefore card skimmers have to work harder to get the goods. The particular model is quite realistic and automatically dumps data to a nearby Bluetooth device. It is too thin to have onboard storage but the retailer could not find a target device where the credit card numbers would end up. In short you could slip this on the card machine and no one would be the wiser. There isn’t even a clear record of where the data goes.

Wrote Krebs:

However this could also mean that the skimmers are getting desperate. At this point to grab credit cards the old fashioned way a few things need to happen but primarily the skimmer can’t allow users to pay with their phones (ostensibly safer) or their chipped card (ostensibly also safer although I’d like to see the technology in a few years). The escalation took a long time – decades, in fact – but it looks like credit card companies might have reached a stalemate with thieves.

For some reason I really like skimmers. I recall a Bruce Sterling video in which he noted that ATMs are like evolved turtles, intentionally designed in every way to avoid human tampering. These skimmers – simple pieces of plastic with a few electronics inside made by industrious if messy electronics experts – can defeat them in an instant. Life, as they say, finds a way.