ATM skimming isn't limited to ATMs! There are lots of terminals that ask you to swipe your card and/or enter a PIN, and many of them are less well-armored and -policed than actual cashpoints. Skimmers have been found on train-ticket machines, parking meters and other payment terminals. Once a crook has got your card number and sign-on data, they can use that to raid a your account at an ATM. Brian Krebs has a look at some of these devices, including a full-on fascia for a cheapie ATM discovered in latinamerica.
The organization also is tracking a skimming trend reported by three countries (mainly in Latin America) in which thieves are fabricating fake ATM fascias and placing them over genuine ATMs, like the one pictured below. After entering their PIN, cardholders see an ‘out-of-order’ message. EAST said the fake fascias include working screens so that this type of message can be displayed. The card details are compromised by a skimming device hidden inside the fake fascia, and the PINs are captured via the built-in keypad, which overlays the real keypad underneath.
This reminds me a little of the evolution of payphones — the armadillos of the device world! — and the look-alike COCOTS (customer-owned coin-operated telephones) that presented very soft targets if you could scry through their camouflage.