Offline POS skimmers, beware of fake payment terminals

Very interesting article by Brian Krebs on his blog about offline POS skimmers, Fake payment terminals that clone credit cards. Brian has encountered a professional cybercriminal forum with a skimmer vendor offering point of sale (POS) terminals manipulated to simulate confirmation of purchases and cloning cards.

Specifically, it sells two wireless Verifone models (vx510 and vx670) starting at $ 2,500. The price may seem high, but compared to the profits a criminal can make from them it is a minimal investment.

These devices They pretend to process purchases by printing fake tickets, while the data of the cards and the PINs are saved in an internal memory to later recover them with a USB cable. In addition, they can also simulate network connection errors.

In the following video uploaded by Brian you can see how it works, the terminal is disconnected from the network and even when swiping a card a ticket is printed as if everything was fine:

Countermeasures to buy quiet:

The ideal when paying by card is never lose sight of herBecause when they are taken they could pass it through a pocket skimmer (device that clones the card) or simply copy the visible information from the plastic (number, expiration, name and security code), data that is sufficient in many cases to make purchases by Internet.

But before a manipulated payment terminal everything happens in front of us, so what can be done?

Incorrect PIN entry: It is worth mentioning that the PIN should never be told to the other person and in fact when entering it, it is convenient to cover the keyboard so that it is not visible. When requested, if we entered it wrong the first time and still the purchase is confirmed, then something strange is happening because the device is not verifying it with the bank.

Strange ticket: If the printed ticket is different from the normal one, it is a good reason to be suspicious. Also if it is printed instantly upon swiping the card, without verifying anything.

Account status: It is always good to be aware of the account statements and verify that the discounted amounts are correct. If we make a purchase and then it does not appear, at first it may not seem like a good thing but perhaps we were cheated and our data is now in the hands of criminals.

Secondary card: Just as some entities offer virtual cards to make purchases over the internet, using a debit card or an extension of the principal with a balance limit can be useful in case of scam, because at least we will lose less money.

However, despite these countermeasures, the tampered POS terminal may still be able to receive authorization from the bank, confirm the purchase as normal, and be cloning the information. Two researchers demonstrated this in the last Black Hat USA in Las Vegas.

And this happens in Latin America?

These scams occur around the world, in fact recently I commented that in a shopping in Argentina they had arrested a cardinal in full action while manipulating terminals or simply changed them for false pretending to be a technician (the press did not give many details of the case).

And recently something similar happened in Chile, the police arrested three people and seized cloned cards, a database with more than a thousand bank customers and four fake payment terminals. It is also believed that they would be part of a band that operates in several countries of the southern cone:

Image: Carabineros de Chile

More details about this case at