|
DFR Risk Management provide a range of tools to assist in the characterization, and analysis of sophisticated ATM fraud devices. Examples include our ATM Skimming and ATM PIN-Compromise check lists:
ATM PIN-Compromise Checklist
ATM Skimming Checklist
|
|
DFR Risk Management ATM PIN-Compromise Check List (APC-)
External PIN-Compromise Devices
| Camera Location & Packaging |
|
Keyboard
|
|
In light diffuser / light panel
|
SC1
|
|
Exact-size keyboard overlay
|
KB1
|
|
|
In leaflet box
|
SC2
|
|
Shelf / full-panel keyboard overlay
|
KB2
|
|
|
In false panel above PIN pad
|
SC3
|
|
False-front covering larger area
|
KB3
|
|
|
In false panel right of PIN pad
|
SC4
|
|
|
|
|
|
In false panel left of PIN pad
|
SC5
|
|
Other
|
KB0
|
|
|
In safety mirror
|
SC6
|
|
|
|
|
|
In sun / rain canopy
|
SC7
|
|
Surveillance
|
|
Integrated with skimmer
|
SC8
|
|
Shoulder surfing - covert
|
SV1
|
|
|
|
|
|
Shoulder surfing – assist victim
|
SV2
|
|
|
Other
|
SC0
|
|
Long-range lens / telescope
|
SV3
|
|
|
|
|
|
Mirror
|
SV4
|
|
|
Camera Type
|
Coloured dust
|
SV5
|
|
|
Spy camera
|
TC1
|
|
|
Advertising panel reflection
|
SV6
|
|
|
Cell phone camera
|
TC2
|
|
|
|
|
|
|
Video camera
|
TC3
|
|
|
|
|
|
|
Other
|
TC0
|
|
|
Other
|
SV0
|
|
Internal PIN-Compromise Devices
| Internal Compromise of Modules |
|
Internal Compromise of ATM System
|
|
ATM integrated security camera tap
|
IP1
|
|
Internal communications tap
|
IS1
|
|
|
Internal keyboard tap
|
IP2
|
|
Software / Malware / Trojan
|
IS2
|
|
|
|
|
|
|
|
|
|
Other
|
IP0
|
|
Other
|
IS0
|
|
Remote & Secondary PIN-Compromise Devices
| Remote Cameras |
|
Remote Keyboards
|
|
ATM location CCTV
|
RC1
|
|
Door-entry keyboard
|
RK1
|
|
|
ATM location spy camera
|
RC2
|
|
PIN-activation / validation keyboard
|
RK2
|
|
|
|
|
|
Stand-alone terminal
|
RK3
|
|
|
Other
|
RC0
|
|
Other
|
RK0
|
|
Attachment Method & Power Source
| Attachment Method |
|
Power Source
|
|
Adhesive tape
|
AM1
|
|
Integrated non-rechargeable batteries
|
PS1
|
|
|
Glue
|
AM2
|
|
Integrated rechargeable batteries
|
PS2
|
|
|
Screw / bolt
|
AM3
|
|
Separate battery pack
|
PS3
|
|
|
Friction fit
|
AM4
|
|
From ATM power
|
PS4
|
|
|
Weld / fuse
|
AM5
|
|
From other constant power source
|
PS5
|
|
|
Other
|
AM0
|
|
Other
|
PS0
|
|
Storage Capability, Communication & Download Capability
| Storage |
|
Communications & Download
|
|
None
|
ST1
|
|
None
|
CD1
|
|
|
Local integrated chip
|
ST2
|
|
Socket / USB
|
CD2
|
|
|
Local data / SD card
|
ST3
|
|
Analogue RF
|
CD3
|
|
|
MP3 / MP4 or equivalent recorder
|
ST4
|
|
Bluetooth
|
CD4
|
|
|
Cell phone camera storage
|
ST5
|
|
Wi-Fi (802.11)
|
CD5
|
|
|
|
|
|
SMS / MMS / Text
|
CD6
|
|
|
|
|
|
GSM / Data
|
CD7
|
|
|
|
|
|
Digital RF (non-specific)
|
CD8
|
|
|
Other
|
ST0
|
|
Other
|
CD0
|
|
Activation & Encryption
| Activation |
|
Encryption
|
|
Always on (switched)
|
AC1
|
|
None
|
EC1
|
|
|
Proximity detector
|
AC2
|
|
AES
|
EC2
|
|
|
Remote control
|
AC3
|
|
DES
|
EC3
|
|
|
Card / transaction activated
|
AC4
|
|
3DES
|
EC4
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Other
|
AC0
|
|
Other
|
EC0
|
|
Additional Features, Capacity & Endurance
| Features |
|
Capacity & Endurance
|
|
Integrated skimmer
|
FP1
|
|
Maximum endurance from power supply
|
|
|
|
Receiver for skimming device
|
FP2
|
|
Maximum number of PIN data stored
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Other
|
FP0
|
|
Other
|
|
|
|
|
|
DFR Risk Management ATM Skimming Check List (ASK-)
Card Entry Area Skimming Devices
| Motorized Readers |
|
DIP Readers
|
|
Directly to card entry slot
|
M1
|
|
Directly to card entry slot
|
D1
|
|
|
Moulded around entry area
|
M2
|
|
Moulded overlay covering DIP reader
|
D2
|
|
|
False front covering larger area
|
M3
|
|
False front covering larger area
|
D3
|
|
|
Modified anti-fraud device inhibitor
|
M4
|
|
|
|
|
|
Overlay of anti-fraud inhibitor
|
M5
|
|
|
|
|
|
Attachment to anti-fraud inhibitor
|
M6
|
|
|
|
|
|
Other
|
M0
|
|
Other
|
D0
|
|
|
|
|
Swipe Readers
|
|
Contactless Readers
|
|
Overlay covering swipe reader
|
S1
|
|
Overlay covering contactless reader
|
C1
|
|
|
Mounted below or left of swipe reader
|
S2
|
|
|
|
|
|
Mounted above or right of swipe reader
|
S3
|
|
|
|
|
|
False front covering larger area
|
S4
|
|
|
|
|
|
Other
|
S0
|
|
Other
|
C0
|
|
Internal Skimming Devices
| Internal Compromise of Card Reader |
|
Internal Compromise of ATM System
|
|
Pre-head tap
|
IT1
|
|
Internal communications tap
|
IS1
|
|
|
Read head tap
|
IT2
|
|
Software / Malware / Trojan
|
IS2
|
|
|
Card reader PCB parasite
|
IT3
|
|
|
|
|
|
Card reader data line tap
|
IT4
|
|
|
|
|
|
|
|
|
|
|
|
|
Other
|
IT0
|
|
Other
|
IS0
|
|
Remote & Secondary Near-Proximity Skimming Devices
| Secondary swipe devices |
|
Hand-held skimming device
|
|
Door-access skimmer
|
RS1
|
|
Pocket-sized skimmer
|
RH1
|
|
|
Card cleaning device
|
RS2
|
|
|
|
|
|
Card activation / validation device
|
RS3
|
|
|
|
|
|
Stand alone terminal
|
RS4
|
|
|
|
|
|
|
|
|
|
|
|
|
Other
|
RS0
|
|
Other
|
RH0
|
|
|
|
|
Secondary DIP devices
|
|
External modem / Comms. hub
|
|
Door-access skimmer
|
RD1
|
|
Modem tap
|
RE1
|
|
|
Card cleaning device
|
RD2
|
|
Telephone exchange tap
|
RE2
|
|
|
Card activation / validation device
|
RD3
|
|
Communication hub tap
|
RE3
|
|
|
Stand alone terminal
|
RD4
|
|
Wi-Fi intercept
|
RE4
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Other
|
RD0
|
|
Other
|
RE0
|
|
Attachment Method & Power Source
| Attachment Method |
|
Power Source
|
|
Adhesive tape
|
AM1
|
|
Integrated non-rechargeable batteries
|
PS1
|
|
|
Glue
|
AM2
|
|
Integrated rechargeable batteries
|
PS2
|
|
|
Screw / Bolt
|
AM3
|
|
Separate battery pack
|
PS3
|
|
|
Friction fit
|
AM4
|
|
From ATM power
|
PS4
|
|
|
Weld / Fuse
|
AM5
|
|
From other constant power source
|
PS5
|
|
|
|
|
|
|
|
|
|
Other
|
AM0
|
|
Other
|
PS0
|
|
Storage Capability, Communication & Download Capability
| Storage |
|
Communications & Download
|
|
None
|
ST1
|
|
None
|
CD1
|
|
|
Local integrated chip
|
ST2
|
|
Socket / USB
|
CD2
|
|
|
Local data / SD card
|
ST3
|
|
Analogue RF
|
CD3
|
|
|
MP3 /MP4 or equivalent recorder
|
ST4
|
|
Bluetooth
|
CD4
|
|
|
Cell phone storage
|
ST5
|
|
Wi-Fi (802.11)
|
CD5
|
|
|
|
|
|
SMS / MMS / Text
|
CD6
|
|
|
|
|
|
GSM / Data
|
CD7
|
|
|
|
|
|
Digital RF (non specific)
|
CD8
|
|
|
Other
|
ST0
|
|
Other
|
CD0
|
|
Activation & Encryption
| Activation |
|
Encryption
|
|
Always on (switched)
|
AC1
|
|
None
|
EC1
|
|
|
Proximity detector
|
AC2
|
|
AES
|
EC2
|
|
|
Remote control
|
AC3
|
|
DES
|
EC3
|
|
|
Card / transaction activated
|
AC4
|
|
3DES
|
EC4
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Other
|
AC0
|
|
Other
|
EC0
|
|
Additional Features, Capacity & Endurance
| Features |
|
Capacity & Endurance
|
|
Integrated camera
|
FX1
|
|
Maximum endurance from power supply
|
|
|
|
Receiver for PIN compromise device
|
FX2
|
|
Maximum number of cards data stored
|
|
|
|
Screened for anti-skimming interference
|
FX3
|
|
|
|
|
|
Motorized card transport
|
FX4
|
|
|
|
|
|
|
|
|
|
|
|
|
Other
|
FX0
|
|
Other
|
|
|
|
|
|
|
|
|
|
