Apparently villains are no longer content with sticking cameras and PIN readers onto ATM cash machines, now they’re working on new technology – called shimming – that will let them insert an ultra thin circuit board through the card slot to read your PIN and card details from inside.
The circuit board will be thinner than a human hair, and will be inserted using a fake credit card carrier, which will also stick the thing to the insides of the ATM, ready to read and transmit to a remote cell phone or receiver. Science fiction right? Probably. Read the 11.45pm comment to see why it probably won’t deliver much value to the nasty krinimals.
One of the main reasons this attack can succeed is because in most all countries today (like the U.S.A) the data sent from the chip on a credit card to the contacts on the ATM circuit board is sent in the clear. So if you can get in the middle of that data flow, like a shim attack does, you can capture card data, pin information, CVV info, etc. However, most Pin Entry devices have supported offline-encrypted pin (encrypting the data between chip and board) for years