Card skimmers now use thermal imaging to steal your bank PINs

25 Mar 2015

Hiding your PIN from sight may no longer be a deterrent for card thieves. Card skimmers are now using a thermal imaging devices to pick up PINs from thermal signatures left on ATM keypads.

An ordinary-looking iPhone case fitted with an infrared camera can pick up the thermal signatures left by a customer on a keypad.

Security expert Tom O’Connor from warned that card skimmers can now target a victim using a single hand-held device to get PINs and get enough card details to make online purchases.

He pointed to the FLIR One infrared accessory that picks up a heat signature to allow thieves to easily guess what buttons have been pressed.

Thieves feel for the heat

“It can be used at point-of-sale machines in shops or banks or at ATMs to steal a PIN,” O’Connor revealed.

“While standing in the queue the fraudster can also download their target’s card details using an RFID (Radio Frequency Identification) scanner app.

“The scanner apps have been shown to be extremely effective in reading the details from a credit or debit card’s RFID chip.

“The criminals can then use the information to make on-line purchases for high-value goods which they can quickly convert to cash.”

O’Connor said that concerned punters can take steps to confuse the thieves by simply allowing your fingertips to rest on random keys after completing a retail transaction, providing the fraudster with a misleading trail of buttons.

“Also, the heat signature from metal keys doesn’t last long enough for the scam to work – plastic buttons are ideal for the fraudster.

“It’s frighteningly simple and the criminal scam is likely to increase as the software continues to develop and become more powerful,” O’Connor said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years