As companies figure out ways to reduce transaction costs by deploying automated vending devices to accept credit cards, fraudsters are figuring out ways to take advantage of the trend. The ever-increasing complexity and security of ATM machines is inciting fraudsters to explore other, more reliable and safe ways to steal credit and debit card data. Until recently, questions about the existence of parking terminal skimmers were for the most part left unanswered. Except for vague and sporadic allusions to their existence, any reliable evidence proved elusive.
Nevertheless, Flashpoint recently obtained solid proof of such a device’s existence. Specifically, a vendor of offline point-of-sale (PoS) skimming devices on a top-tier Russian-language cyber fraud forum introduced a new product: a parking terminal skimmer. The vendor prices his product as follows: Purchase price: $1000 or Rental: $500 + 30 % of dumps collected. Based on the fraudster’s information, it appears that this device has thus far primarily been used in Europe, although it is only a matter of time before it reaches North America, especially considering the ongoing and widespread updating of older coin-based parking terminals in major US cities.
With the fast-paced introduction of various vending machines that accept credit cards, it is inevitable that there will be a significant shift away from the conventional methods of stealing credit information using ATM and POS skimmers, to devices such as parking terminals and other automated vending devices which accept payment via card. Frost & Sullivan estimates that there will be over 2 million cashless vending machines by 2018. Many of these vending machines will be used for applications such as video rentals in supermarkets, electronic retail sales in airports or for dispensing food or drinks anywhere. Often installed in relatively insecure and open locations, these vending machines may prove attractive targets for would-be cybercriminals looking to install such skimming devices.