You'd Never Spot This Skimming Device Found At A Supermarket Checkout

You'd Never Spot This Skimming Device Found on a Safeway Checkout

Skimmers have been growing ever more advanced in recent years. Do you think you'd be observant enough to notice that this checkout front-plate was about to gobble up your card details? Krebs on Security has obtained these images of a card skimmer used on a self-checkout terminal at a Safeway store in Maryland. (Safeway recently admitted that it was investigating card skimming attacks at several of its stores.)

The device is what's known as an overlay skimmer: It slips straight over the top of a pay point in order to grab data from your card's magnetic stripe and capture your PIN, while requiring no direct hardware interaction with the checkout itself. Because it doesn't interfere with your payment, the only thing it needs to do is look convincing — which it does.

Of course, chip-and-pin skirts this issue altogether. But if you find yourself at a checkout which requires you to swipe your card, you may want to give the fascia a quick check (without, you know, destroying the pay point altogether). And as ever, if you're in the slightest suspicious about where you're putting your card, you should walk away without making the purchase.

[Krebs on Security]



    You guys are so very far behind the rest of us. Not really, but these were all over the news here in Australia about 4-5 years ago. Ones that slipped over ATM machines as well so best prepare yourselves.

    Magnetic strips are still a thing? I can't remember the last time I "swiped" a card.

      Rfid are no better. Actually they're worse. If your wallet isnt shielded they just have to be in proximity. And yes its already happening in shopping centers (gold coast)

        It's only good for one transaction, and as soon as you use your card it invalidates all of the previously unused swipes.
        In addition the banks take a lot of the responsibility for pin less PayPass, so just don't carry a debit card and the bank will refund you pretty much no questions asked

          my understanding is they can get everything except the cvv number allowing online purchases. I really don't know much about it only that they can easily obtain your details just by being in proximity, so if you have any more info feel free to share.

      You never make purchases above $100?

        a. sometimes you can tap and enter a PIN for amounts over $100
        b. every other credit card terminal take chip and PIN now instead of magnetic stripe

        You would have been better off saying "You never use an ATM card for EFTPOS?"

          no, i don't actually; in any case i purposefully damage the chip and use my magnetic stripe.

    they are still on eftpos only cards, now that most of us have either credit cards or visa/mastercard "debit" cards you wont see it that often any more, im still waiting to hear about the pay wave skimmers, that will be the next big thing if its possible.

      They're already a thing. You can skim peoples wallets as you walk past them. Can even do it with a smartphone I've heard.

        No you can't use a phone at a distance, you need a much more sensitive antenna/amplifier than a phone will have. You could build one to plug a phone into of course, but that's a different sort of skill level.

        I haven't looked into it, but based on chip and PIN technology, the problem for a "skimmer" is that with magnetic strip once you have what is on the stripe, you can make copies of the card for yourself, but with chip and PIN you can't because the card never transmits its secret key. The only way you can skim is to set yourself up to make "transactions" with cards as they go by, but then the bank can track down who you are and shut you down.

        The NFC chip on a smartphone is only enabled when the screen is on and phone is unlocked.

        This may not apply for the aftermarket NFC add-ons like the SIM cards which are required by some.

Join the discussion!

Trending Stories Right Now