chg: [attck4fraud] ATM Shimming added

This commit is contained in:
Alexandre Dulaunoy 2019-03-19 08:33:08 +01:00
parent 779bc4a6a0
commit 2419a33807
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD

View file

@ -83,6 +83,30 @@
}, },
"uuid": "0e45e11c-9c24-49a2-b1fe-5d78a235844b", "uuid": "0e45e11c-9c24-49a2-b1fe-5d78a235844b",
"value": "ATM skimming" "value": "ATM skimming"
},
{
"description": "ATM Shimming refers to the act of capturing a bank card data accessing the EMV chip installed on the card while presenting the card to a ATM. Due to their low profile, shimmers can be fit inside ATM card readers and are therefore more difficult to detect.",
"meta": {
"detection": "Inspection of motorised card slot for the presence of unrecognised devices; Visual evidence of tampering with the ATM.",
"examples": [
"Shimmer device found inside a Diebold Opteva 520",
"Shimmer installed inside point-of-sale terminals at Coquitlam"
],
"external_id": "FT1004",
"kill_chain": [
"fraud-tactics:Initiation"
],
"mitigation": "Cover the numerical input pad while entering the PIN (customer); Avoid self-standing ATMs in isolated areas (customer); Anti-skimming technology: metal detection for card readers, card jitter motion (enterprise); verification of transaction using the codes generated by the EMV chip (enterprise).",
"refs": [
"https://krebsonsecurity.com/2015/08/chip-card-atm-shimmer-found-in-mexico/",
"https://www.cbc.ca/news/canada/british-columbia/shimmers-criminal-chip-card-reader-fraud-1.3953438",
"https://krebsonsecurity.com/2017/01/atm-shimmers-target-chip-based-cards/",
"https://blog.dieboldnixdorf.com/atm-security-skimming-vs-shimming/"
],
"victim": "end customer, enterprise"
},
"uuid": "469d22c1-7a73-4034-a449-74db7f021255",
"value": "ATM Shimming"
} }
], ],
"version": 1 "version": 1