Cybercriminals abandon skimmers in favor of Shimmers

✨ Megiddo

✨ President ✨
Staff member
May 15, 2016
With the advent of "chip" EMV standard cards, the shimmers began to displace skimmers.

Skimmers are miniature devices inserted into ATMs. Skimmers read data from bank cards magnetic tapes, which can then be used to “clone” these cards. However, the growing popularity of the EMV standard for chip card operations has forced cybercriminals to gradually move away from using skimmers. Since on EMV cards, data is not stored on a magnetic tape, but on an integrated chip, skimmers cannot read them. But can the Shimmers.

For the first time about shimmera became known in 2016. These devices are much smaller in size than skimmers, and are usually placed between a chip and a chip reader at ATMs or PoS terminals. With the advent of EMV, the Shimmers began to force out skimmers gradually, according to IB company Flashpoint. According to the researchers, at present, there are a lot of demand for customized shimmers offered in underground forums.

Theoretically, cards with chips cannot be “cloned” due to the iCVV check value, which differs from the tape on CVV. iCVV prevents copying data from the chip and the creation of "cloned" cards.

Another security measure is ATM protection using the Card Protection Plate (CPP). This mechanism makes it impossible to place any objects in the card reader, and it is very difficult to bypass it, even with the help of shimmers. However, according to Flashpoint, the bypass paths still exist, and they depend on how carefully banks check transactions, in particular iCVV.

Due to incorrect EMV implementations, it is easier for attackers to attack less secure Static Data Authentication (SDA) cards, which are gradually replaced by Dynamic Data Authentication (DDA) and Combined Data Authentication (CDA). Some sellers of shimmers in underground forums even offer detectors for detecting CPPs, as well as tools for introducing and retrieving shimmers from ATMs.
Top Bottom