On several underground forums, a cybercriminal named gripper is selling ATM skimmers and fake POS terminals, and is making some very bold claims doing so:
Figure 1. Underground advertisement.
The cybercriminal claims that he can mass-produce VeriFone VerixV point-of-sale (PoS) devices. (Verifone is a US-based provider of POS terminals.) Some specific VeriFone products such as the Vx510, the Vx670, and the Vx810 Duet are specifically mentioned. These rogue terminals can be used in a store to steal the credit card information of customers; the stolen information is then used or sold on the black market.
In addition, the seller wants to prove that he is a reputable seller and said he is willing to provide ship his product anywhere in the world, as well as provide 24/7 support. He went on to say:
BARE IN MIND WE HAVE THE POWER TO MASS PRODUCE THESE ATM SKIMMERS WITH THE LATEST TECHNOLOGY WE ARE NOT BUYERS AND BUILDERS WE HAVE ALL FILES NEEDED AND PRINTING FACILITIES IN CHINA ALSO WE HAVE FILES TO MASS PRODUCE MSRV ELECTRONICS
These criminals claim they are able to mass produce almost anything related to ATM and PoS devices. One such ad listed the parts and devices they can produce and ship, with some prices in parentheses:
- Fake berifone VerixV terminals (VX510, 670 and 810 Duet)
- Gerber file for producing the PCBs for MSRV009 credit card readers
- ATM panel, camera panel, and keypads for Wincor ProCash2050xe ATMs
- green cover panel and camera panel for NCR 5886 ATMs ($1850)
- apple ring and camera panels for NCR Self Serve ATMs ($2000)
- keypard for Wincor ATMs ($1000)
Producing parts for ATM skimmers and fake PoS terminals is not new; it has been reported by other researchers since 2011. What is very worrying is that the sellers are claiming that they can mass-produce these items from locations in China. This is something we should be worried about as mass production of these devices or parts could result in more bank fraud for end-users. The sellers appear to be quite knowledgable about developments in ATM skimmers and PoS terminals; they are also very open in what they offer to would-be buyers. In fact, several customers have already vouched for gripper, sharing their good customer experience with this seller.
A gallery of pictures supplied by the cybercriminals in order to promote their wares follows.
Figures 2-5. ATM skimmer and PoS terminal images