Countermeasures

The below extracts are taken from published EAST Guidelines entitled ‘Standardisation of Terminology for Locations of Card Data Compromise Devices at ATMs’.   The aim is for this terminology to be adopted globally when describing the location of CDC devices at ATMs and other Terminals.  This terminology is also used in all EAST Fraud Alerts.

These Guidelines have been produced for the benefit of the Industry and Law Enforcement  and the full version can be downloaded by EAST Members from the EAST Intranet.

EAST has also produced Terminal Fraud Definitions, Fraud Terminology, Fraud Definitions, Central/Host Fraud Definitions, Terminal Physical Attacks Definitions and Terminology and Countermeasures against ATM Malware and Black Box Attacks.

Type of DeviceDescription
M1. Overlay Skimming DeviceThe read head on this type of overlay device is external to the fascia and the motorised card reader throat (entrance) or covers the whole of the motorised card reader entrance.
M2. Throat Inlay Skimming DeviceThe read head on this type of device is placed inside the throat of the ATM or inside the legitimate bezel and in every case in front of the card reader shutter.
M3. Card Reader Internal Skimming DeviceThe read head on this type of device is placed at various locations inside the motorised card reader behind the shutter. This type of device is also sometimes referred to as a “deep insert” skimming device.
D1. Overlay Skimming DeviceThe read head on this type of overlay device is external to the fascia and the dip card reader throat (entrance) or covers the whole of the dip card reader entrance.
D2. Throat Inlay Skimming DeviceThe read head on this type of device is placed inside the DIP card reader throat in front of the card reader read head
D3. Card Reader Internal Skimming DeviceThe read head on this type of device is placed inside the DIP card reader throat behind the card reader read head
E1. Pre-read Head Eavesdropping Device:This type of device is connected to the pre-read head of a motorised card reader.
E2. Read Head Eavesdropping Device.This type of device is connected to the read head of the card reader.
E3. PCB Eavesdropping DeviceThis type of device is attached to the PCB of the card reader.
E4. Communication Eavesdropping Device:This type of device is connected to the communication interface (e.g. USB interface) of the card reader.
S1. Card Reader Internal Shimming DeviceThis type of device is placed inside the card reader