Manitoba

Brandon bank frauds are likely cases of card skimming, expert says

A cybersecurity expert believes a series of bank frauds reported to Brandon police this week appears to be a classic case of card skimming or its more sophisticated cousin, card shimming.

Brandon police received 6 reports from people who had between $200 and $2,000 taken from bank accounts

Card shimming, similar to card skimming, involves inserting a small device that reads data inside ATM card readers. (CBC)

A cybersecurity expert believes a series of bank frauds reported to Brandon police this week appears to be a classic case of card skimming or its more sophisticated cousin, card shimming. 

Brandon police received six reports on Monday of bank accounts being accessed by suspected fraudsters. Each of the accounts had between $200 and $2,000 withdrawn by an unknown source in Florida.

"It sounds like skimming to me," said University of Calgary professor and computer security expert Tom Keenan.

Skimming, he explained, involves the perpetrators fixing a device to an ATM or a debit machine PIN pad. "You don't notice it.... As your card goes in, it's recording the information on it." 

Hackers today, he said, can get PINs and information from cards with newer chip-and-PIN technology as well. The practice, dubbed card shimming, involves inserting a small device inside the card reader of an ATM or debit machine, invisible to unsuspecting users.

The practice has become so sophisticated, some devices can instantly read the information from a card and send it to a remote server. 

Brandon police haven't said how the hackers obtained the banking information of the six victims, but said they were contacted by "various banking institutions."

Gas stations popular for hackers 

Keenan said gas stations that offer to take payment at the pump are particularly at risk because the skmming or shimming devices can be installed quickly when an attendant may not be looking. 

He said technology is in the works that would defeat skimmers — technology that uses biometrics like fingerprints, for example — but it would come at the expense of privacy. 

"It's always that trade-off between convenience and privacy and general security."

He said frequent card users shouldn't be worried but they should be vigilant. 

"I urge people not to be paranoid," Keenan said. 

But "anything that wiggles [on the machine] is your problem," he said. "If you rub on the plastic and it doesn't feel quite right or it comes off, a skimmer has probably been put on there."

Police said the respective banks would cover the losses for the six victims who came forward.

Keenan said it serves as a good example of why people should keep a close eye on their bank accounts and statements. 

now