Patent Application
20240038029
Disclosed are systems and methods for detecting a skimmer located proximate a card reader of a self-service terminal (SST). The systems and methods may include obtaining a baseline measurement for a plurality of sensors located proximate the card reader and activating a subset of the plurality of sensors. A signal may be received from each of the subset of the plurality of sensors that were activated. When the signal from each of the subset of the plurality of sensors deviate from the baseline measurement by a predetermined threshold, a determination may be made that the skimmer is proximate the card reader. In response to determining that the skimmer is located proximate the card reader, the self-service terminal may be disabled.
In the drawings, which are not necessarily drawn to scale, like numerals can describe similar components in different views. Like numerals having different letter suffixes can represent different instances of similar components. The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed in the present document.
Corresponding reference characters indicate corresponding parts throughout the several views. The exemplifications set out herein illustrate exemplary embodiments of the disclosure, and such exemplifications are not to be construed as limiting the scope of the disclosure any manner.
Disclosed herein are systems and methods for protection against skimming devices being placed on self-service terminals (SSTs). Skimming devices are used by criminals to steal card information when unsuspecting users swipe their cards. The skimming devices read the information from the magnetic strip on cards as users swipe their cards. The criminals can then use the information to make duplicate cards, make fraudulent online purchases, and/or sell the information on the dark web.
The systems and methods disclosed herein may allow for detection of a skimming device, sometimes called a skimmer, that is place on or proximate a card reader of SSTs. As disclosed herein, software, sometimes referred to as a “driver” may command firmware to sample one or more sensors, sometimes referred to as a “pattern.” The pattern may be a subset of a plurality of sensors. For example, if there are seven sensors, the pattern selected may be every odd sensor, every even sensor, two sensors located directly across from one another, or any other combination of sensors. The various patterns can be preprogrammed patterns and/or patterns generated at random.
The driver can select and/or generate a pattern to be sampled by commanding the firmware. As a non-limiting example, a round robin approach can be implemented to sample data for each pattern on a regular basis. For instance, a variety of preprogrammed patterns may be programmed into the driver and/or firmware. Upon execution, the driver may command the firmware to sample the various patterns in a round robin fashion.
The firmware may sample the pattern and report the sampled data to the driver. The driver may then process the sampled pattern. The raw data from each of the sampled patterns may be processed to yield an average value (level) for that round.
A calibration event, under supervised control, may be used to create an averaged level, sometimes referred to as a baseline or default baseline, for each sensor and/or pattern. A second baseline, sometimes referred to as an active baseline, may be set equal to default baseline. Due to environmental changes, especially temperature, the level drift away from the active baseline and hence the active baseline is updated continuously. For example, every ten minutes the default baseline may be set to the active baseline value. Thus, during the day when temperatures change, the baseline value may be updated to account for natural and/or expected environmental changes that may occur. As disclosed herein, the active baseline may be tracked so long as there is no skimmer detected, rain compensation is not activated, and/or the signal is below a fixed rain stability. Until a new default baseline calibration event, the level for each sensor and/or pattern may be measured against the active baseline for that sensor and/or pattern.
A noisy level may occur due to consumer activity and/or rain. Therefore, each sensor and/or pattern stability may be measured. For example, the stability may be a standard deviation of 80 samples of the baseline level in current use. Active baseline trend and level analysis may be adjusted to accommodate the noise, such as small deviations that may be caused by rain.
As disclosed herein, for each round and/or for each pattern within that round the level and stability may be checked. If the stability is less than a preset value, such as for example, 50 standard deviations, then the level may be checked. If the level is greater than the default baseline+/−X deviations, then a possible skimmer is registered. If after a predetermined number of rounds, such as for example five successive rounds, the number of patterns registering a skimmer equates to a preset number, sometimes referred to as a depth, such as for example three successive rounds in five successive rounds, then an unusual object alert can be reported. The unusual object may be a skimmer.
If stability is greater than rain stability, then the pattern may be noisy and possible rain is registered. If after a preset number of rounds such as five rounds, the number of patterns registering rain, sometimes referred to as a depth, equates to a preset number, such as four of five rounds, then the rain may be reported. After reporting, service personnel can check weather data to confirm the presence of rain. If rain is detected by the service personnel, no action is needed. However, if rain is not detected by the service personnel, then a service call can be initiated.
If there has been card activity during the round robin sampling, then the rain detect can reset to round zero. If there is a card in the reader, then no skimmer may be reported until there is no card in the reader.
There are sensors on SSTs that can provide inputs to controllers of the SSTs and the inputs may indicate that a door or fascia covers have been opened, further indicating that a servicing action (e.g., replacing currency cassettes, performance of routine maintenance, etc.) may be in progress. When these inputs return the doors and/or facias have been closed and/or are in a home position, a period of settlement may occur in which there is no reporting of a skimmer. This settlement period may allow for the system to settle especially during period of excessive cold or heat.
Faults may be reported indicating a problem with an individual pattern and/or a problem with the device; the SST in general and/or the specific hardware used to implement skimmer detection. For example, excessive stability readings and/or abnormal level from a particular sensor and/or pattern that relies on a particular sensor may indicate a fault with the particular sensor.
For skimmer and rain reporting the depth and deviation inputs may be varied with preset values. This may allow users to modify the decision and reporting behavior. Alerts and faults may be reported through the SST channels. For example, alerts and faults may be reported through automated teller machine (ATM) transaction and servicing channels.
The above discussion is intended to provide an overview of subject matter of the present patent application. It is not intended to provide an exclusive or exhaustive explanation of the invention. The description below is included to provide further information about the present patent application.
Turning now to the figures,
I/O device 114 may include a card reader 116 and a contactless card reader 118. Card reader 116 may be a card reader that requires a user to physical swipe a card in order to enter information stored in a magnetic strip of the card into the self-service terminal. Contactless card reader 118 may be a card reader that extracts information from a card when the card is placed in close proximity to contactless card reader 118. The card information may be transmitted to self-service terminal 100 via short range wireless communications. For example, contactless card reader 118 may be connected to communications port 112 and allow for near field communications, BLUETOOTH® communications, etc. between the users' card and self-service terminal 100.
As disclosed herein, software module 106 may include instructions that when executed by processor 102 that cause self-service terminal 100 to retrieve user information from remotes systems once a user has entered card information via card readers 116 and/or 118. For example, once a user has been authenticated, such as by swiping his or her card via card reader 118 and entering a personal identification number (PIN) via user interface 110, self-service terminal 100 may retrieve account balances, daily withdrawal limits, etc. from a central computer maintained by a financial institution.
Software module 106 may also retrieve and/or store self-service terminal data 108. For example, during sampling of sensors located proximate card readers 116 and 118, software module 106 may retrieve active baselines, permissible standard deviation tolerances, patterns, etc. from self-service terminal data 108. During operations, software module 106 may write new self-service terminal data 108, such as, but not limited to, writing updated active baselines as disclosed herein. Non-limiting examples of self-service terminal data 108 may include active baseline data, preset values for deviations from active baselines, error and/or fault codes, routing instructions for routing the error and/or fault codes, actions to take, such as disabling one or both of card readers 116 and 118, in the event of skimmer detection or other error and/or fault event detection, completely disabling self-service terminal 100 in the event of an error and/or fault event detection, etc.
User interface 110 can include any number of devices that allow a user to interface with self-service terminal 100. Non-limiting examples of user interface 110 include a keypad, a microphone, a display (touchscreen or otherwise), etc. User interface may also operate as an I/O device, such as I/O device 114. For example, user interface may be a touch screen display that displays instructions for a user an accepts inputs from the user via the user touching appropriate buttons displayed on user interface 110.
Communications port 112 may allow self-service terminal 100 to communicate with various information sources and devices, such as, but not limited to, remote computing devices such as servers or other remote computers maintained by financial institutions, mobile devices such as a user's smart phone, peripheral devices, etc. Non-limiting examples of communications port 112 include, Ethernet cards (wireless or wired), BLUETOOTH® transmitters and receivers, near-field communications modules, etc.
I/O device 114 may allow self-service terminal 100 to receive and output information. Non-limiting examples of I/O device 114 may include card readers 116 and 118, a skimmer detection device 200 (shown at least in
Driver board 202 may include a processor and memory, such as processor 102 and memory unit 104, that can control skimmer detection device 200. For example, driver board 202 may receive instructions from processor 102 and data from memory unit 104 to carryout skimmer detection as disclosed herein. In addition, driver board 202 may include a separate processor and memory unit to carry out skimmer detection as disclosed herein and transmit skimmer detection and/or faults to processor 102.
Mounting bracket 204 may be used to mount skimmer detection device 200 in self-service terminal 100. In addition, the various components of skimmer detection device 200 may be mounted to mounting bracket 204. Channel molding 206 may allow for routing cables, such as co-ax cables used to connect sensors to driver board 202.
Bezel 208 may include electronic components that allow a user to physically swipe a card and/or insert a card into self-service terminal 100. As disclosed herein, bezel 208 may include lights, such as LEDs and/or sensors that are used to detect skimming devices.
Media enhanced entry indicator board 210 may include lights, such as LEDs 218 and 220. Media enhanced entry indicator board 210 may display lights in various patterns to convey information to a user. For example, media enhanced entry indicator board 210 may illuminate LED 218 when a user inserts his or her card and may illuminate LED 220 as an indication that the user should remove his or her card from bezel 208.
Diffuser 212 may be a device that is used to secure bezel 208 to mounting bracket 204. Diffuser 212 may allow for routing of cables, wires, etc. Diffuser 212 may also provide mounting options and/or provided portion for media enhanced entry indicator board 210 and/or LEDs 218 and 220.
Overlay detection board 214 may be mounted to diffuser 212. Overlay detection board 214 may include sensors as disclosed herein that allow for the detection of devices, such as skimmers, that are overlaid onto bezel 208, contactless card reader 216, and/or otherwise located proximate bezel 208 and/or contactless card reader 216 to skim card information.
Contactless card reader 216 may be a contactless reader, such as contactless reader 118 described herein. Contactless reader 216 may be attached to mounting bracket 204 as shown in
Also as disclosed herein, the baseline measurement may be obtained during operation of the self-service terminal, such as by updated an initial baseline due to changes in environmental conditions. For example, obtaining the baseline measurement may include receiving a signal from sensors located proximate card readers at regular intervals. The signals may correspond to measurements, such as capacitance vales. Thus, the signal from each of the sensors may represent the baseline measurement and may be saved as a new baseline. For the signals to constitute a new baseline it is presumed that the deviation in the newly received signal does not deviate from a previous received signal or previously received number of signals, such as for example, the previous 10 signals received. By limiting the deviation in the new signal large changes in signal value that may be indicative of a skimmer being placed proximate a card reader are not mistakenly saved as a new baseline. Stated another way, the change in signal values, such as capacitance measurement may be restricted to a preset deviation over a predetermined time, predetermined number of samples, etc. to reduce the likelihood that a skimmer can installed and mistaken as a weather related change in measured values.
Once the baseline is received or established, method 400 may proceed to stage 402 wherein one or more sensors may be activated. For example, the various sensors may be activated such that one, all, or any subset of the sensors are activated to obtain measurement values. The pattern in which sensors are activated may be preprogrammed into a number of patterns, such as the patterns shown in
After activating one or more sensors, a signal from each of sensor activated, sometimes referred to as a subset of the plurality of sensors that were activated, may be received (406). The received signals may be voltages, currents, or other electrical signals. A processor, such as processor 102 may convert the signals to a measurement, such as a capacitance measurement using lookup tables and/or calibration equations that may be stored in and retrieved from a memory, such as memory unit 204 as part of self-service terminal data 108.
Prior to converting the signals to a measure and/or after converting the signals to a measurement noise maybe filtered from the signals and/or measurements (408). For example, during rain or while a user is using the self-service terminal, the various signals and/or measurements may generate noise due to temporary contact from a user's fingers and/or rain contacting a card reader and/or sensor. Because the deviations in signals and/or measurements may be temporary due to the temporary nature of the contact, they may generate noise that can be filtered. Filtering the signals or measurements may be done using filtering circuitry, such a high, low, and bandpass filters. Software may also be included as part of software module 106 and/or self-service data 108 that can implement filtering algorithms such as Fourier transforms, infinite impulse response (IRR) or finite impulse response (FIR) discrete-time and/or digital filters, etc.
Using the received signals and/or measurements, a determination may be made that a skimmer is located proximate the card reader (410). For example, when the signals and/or measurements form one or more, possibly each, of a subset of the sensors deviates from the baseline measurement by a predetermined threshold a determination may be made that a skimmer is located proximate the card reader. The predetermined threshold can be a preset value, such as a multiple of standard deviations from the baseline measurement. The deviations can be for a time period greater than a preset time period. For example, the deviations from the baseline may be 10, 20, 30, 40, 50, 60, 70, 80, etc. standard deviations for a time period exceeding 10, 20, 30, 40, 50, 60, 80, 120, etc. seconds.
More than one pattern may be used to confirm detection of a skimmer. For example, pattern 1 may indicate the presence of a skimmer, but none of the other patterns may indicate a detection of a skimmer. To avoid false positives, before a determination that a skimmer is present a predetermined number of patterns, such as say 3, 5, a majority of the patterns, etc., may be required to indicate the presence of a skimmer before an alter is generated (412) and/or the card reader and/or self-service terminal is disabled (414).
Once a skimmer is detected, an alter message may be generated (412). The alert message may be transmitted to service and/or security personnel for review and action. For example, for an ATM that is connected to a bank, the alert message may prompt a bank employee to quickly check the ATM for the tampering and/or the presence of a skimmer. If one is located the employee can quickly remove the device before customer data is compromised.
If the self-service terminal is not attached to a bank or readily accessible by service personnel, then the self-service terminal may be disabled (414). Disabling the self-service terminal may include disabling the card reader that a user physical inserts his or her card into while leaving a contactless card reader operational to allow for limited use of the self-service terminal until an inspection can be performed. Disabling the self-service terminal may also include completely disabling all card readers and displaying an out of service message on a display to notify users the self-service terminal is unavailable for use.
As disclosed herein various stages of method 400 may be rearranged and/or omitted without departing from the scope of this disclosure. For example, an alert message may be transmitted (412) after a self-service terminal is disabled (414). The filtering of noise (408) may be omitted.
The following, non-limiting examples, detail certain aspects of the present subject matter to solve the challenges and provide the benefits discussed herein, among others.
Example 1 is a method for detecting a skimmer located proximate a card reader of a self-service terminal (SST), the method comprising: obtaining a baseline measurement for a plurality of sensors located proximate the card reader; activating a subset of the plurality of sensors; receiving a signal from each of the subset of the plurality of sensors that were activated; determining that the skimmer is located proximate the card reader when the signal from each of the subset of the plurality of sensors deviates from the baseline measurement by a predetermined threshold; and disabling the self-service terminal in response to determining that the skimmer is located proximate the card reader.
In Example 2, the subject matter of Example 1 optionally includes wherein obtaining the baseline measurement comprises receiving the baseline measurement from a memory of the self-service terminal.
In Example 3, the subject matter of any one or more of Examples 1-2 optionally include wherein obtaining the baseline measurement comprises receiving a signal from each of the sensors, the signal from each of the sensors representing the baseline measurement.
In Example 4, the subject matter of any one or more of Examples 1-3 optionally include wherein the baseline measurement comprises a capacitance value for each of the plurality of sensors.
In Example 5, the subject matter of any one or more of Examples 1˜4 optionally include wherein the predetermined threshold comprises a change in a capacitance measure over a predetermined time.
In Example 6, the subject matter of any one or more of Examples 1-5 optionally include wherein activating the subset of the plurality of sensors comprises activating the subset of the plurality in a round robin manner.
In Example 7, the subject matter of any one or more of Examples 1-6 optionally include wherein disabling the self-service terminal comprise disabling the card reader.
In Example 8, the subject matter of any one or more of Examples 1-7 optionally include transmitting an alert message.
In Example 9, the subject matter of any one or more of Examples 1-8 optionally include filtering noise from the signal received from each of the subset of the plurality of sensors.
In Example 10, the subject matter of any one or more of Examples 1-9 optionally include wherein the subset of the plurality of sensors is one of a plurality of subsets of the sensors, each of the plurality of subsets of corresponding to a different test pattern.
Example 11 is a skimmer detection system comprising: a processor; and a memory storing instructions that, when executed by the processor, causes the processor to perform actions comprising: obtaining a baseline measurement for a plurality of sensors located proximate a card reader of a self-service terminal; activating a subset of the plurality of sensors; receiving a signal from each of the subset of the plurality of sensors that were activated; determining that a skimmer is located proximate the card reader when the signal from each of the subset of the plurality of sensors deviates from the baseline measurement by a predetermined threshold; and disabling the self-service terminal in response to determining that the skimmer is located proximate the card reader.
In Example 12, the subject matter of Example 11 optionally includes wherein the baseline measurement comprises a capacitance value for each of the plurality of sensors.
In Example 13, the subject matter of any one or more of Examples 11-12 optionally include wherein the predetermined threshold comprises a change in a capacitance measure over a predetermined time.
In Example 14, the subject matter of any one or more of Examples 11-13 optionally include wherein activating the subset of the plurality of sensors comprises activating the subset of the plurality in a round robin manner.
In Example 15, the subject matter of any one or more of Examples 11-14 optionally include transmitting an alert message.
In Example 16, the subject matter of any one or more of Examples 11-15 optionally include filtering noise from the signal received from each of the subset of the plurality of sensors.
Example 17 is a self-service terminal (SST) comprising: a card reader; a plurality of sensors located proximate the card reader; a processor in electrical communication with the plurality of sensors; and a memory storing instructions that, when executed by the processor, causes the processor to perform actions comprising: receive a baseline measurement for the plurality of sensors from the memory; activating a subset of the plurality of sensors; receiving a signal from each of the subset of the plurality of sensors that were activated; determining that a skimmer is located proximate the card reader when the signal from each of the subset of the plurality of sensors deviates from the baseline measurement by a predetermined threshold over a predetermined time; and disabling the self-service terminal and transmitting an alert message in response to determining that the skimmer is located proximate the card reader.
In Example 18, the subject matter of Example 17 optionally includes wherein the plurality of sensors comprises a plurality of capacitance sensors and the baseline measurement comprises a capacitance value for each of the plurality of capacitance sensors.
In Example 19, the subject matter of any one or more of Examples 17-18 optionally include wherein activating the subset of the plurality of sensors comprises activating the subset of the plurality in a round robin manner.
In Example 20, the subject matter of any one or more of Examples 17-19 optionally include filtering noise from the signal received from each of the subset of the plurality of sensors.
In Example 21, the apparatuses or method of any one or any combination of Examples 1-20 can optionally be configured such that all elements or options recited are available to use or select from.
The above detailed description includes references to the accompanying drawings, which form a part of the detailed description. The drawings show, by way of illustration, specific embodiments in which the invention can be practiced. These embodiments are also referred to herein as “examples.” Such examples can include elements in addition to those shown or described. However, the present inventors also contemplate examples in which only those elements shown or described are provided. Moreover, the present inventors also contemplate examples using any combination or permutation of those elements shown or described (or one or more aspects thereof), either with respect to a particular example (or one or more aspects thereof), or with respect to other examples (or one or more aspects thereof) shown or described herein.
In the event of inconsistent usages between this document and any documents so incorporated by reference, the usage in this document controls.
In this document, the terms “a” or “an” are used, as is common in patent documents, to include one or more than one, independent of any other instances or usages of “at least one” or “one or more.” In this document, the term “or” is used to refer to a nonexclusive or, such that “A or B” includes “A but not B,” “B but not A,” and “A and B,” unless otherwise indicated. In this document, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein.” Also, in the following claims, the terms “including” and “comprising” are open-ended, that is, a system, device, article, composition, formulation, or process that includes elements in addition to those listed after such a term in a claim are still deemed to fall within the scope of that claim. Moreover, in the following claims, the terms “first,” “second,” and “third,” etc. are used merely as labels, and are not intended to impose numerical requirements on their objects.
The above description is intended to be illustrative, and not restrictive. For example, the above-described examples (or one or more aspects thereof) may be used in combination with each other. Other embodiments can be used, such as by one of ordinary skill in the art upon reviewing the above description. The Abstract is provided to comply with 37 C.F.R. § 1.72(b), to allow the reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. Also, in the above Detailed Description, various features may be grouped together to streamline the disclosure. This should not be interpreted as intending that an unclaimed disclosed feature is essential to any claim. Rather, inventive subject matter may lie in less than all features of a particular disclosed embodiment. Thus, the following claims are hereby incorporated into the Detailed Description as examples or embodiments, with each claim standing on its own as a separate embodiment, and it is contemplated that such embodiments can be combined with each other in various combinations or permutations. The scope of the invention should be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
