Patent Application
20220180712
The present application relates to technologies for mitigating risk of data theft and more specifically, to devices for detecting skimming devices configured to facilitate theft of financial card data.
Efforts to skim information from financial cards (e.g., credit cards and debit cards) have become widespread. Skimming devices have become very small, allowing them to be placed within or over existing devices that consumers frequently utilize to facilitate financial card purchases. For example, skimming devices are frequently used to conduct skimming attacks on automated teller machines, fuel pumps, and other point of sale (POS) devices. Skimming devices are typically small battery operated devices that utilize card readers and cameras to capture financial card data (e.g., financial card number, expiration date, etc.) and personal identification number (PIN) data entered by consumers. The captured data may be stored locally on the device where it may be retrieved at a later time by the perpetrator, or it may be transmitted wirelessly via Bluetooth or another communication protocol to the perpetrator, such as by retrieving data captured by a skimming device installed at a fuel pump using a laptop computing device.
The present application relates to systems, methods, and computer-readable storage media configured to detect the presence of skimming devices. The skimming devices may be embedded within other devices, such as when a skimming device is placed within a fuel pump housing, as well as skimming devices overlaid on other devices, such as when a skimming device is inserted into or over a financial card reader of an ATM. In embodiments, a skimming detection device is configured with a plurality of sensors configured to detect characteristics that may be used to detect the presence of a skimming device. The sensor data generated by the plurality of sensors may be compared to reference sensor data to detect the presence of a skimming device. Devices configured according to embodiments may be configured to generate outputs that indicate whether a skimming device is not present, likely present (e.g., the consumer or user should assume the scanned device contains a skimmer or has otherwise been compromised), or confirmed to be present. Such capabilities may enable user (e.g., a customer, a business operator, law enforcement, etc.) to quickly scan a device (e.g., an ATM, a fuel pump, etc.) to determine whether a skimming device is present and take action to mitigate the use of any detected skimming devices as well as prevent the perpetrator (e.g., the entity that provided the skimming device) from retrieving any financial card data that has already been captured by the skimming device.
The foregoing has outlined rather broadly the features and technical advantages of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of the invention will be described hereinafter which form the subject of the claims of the invention. It should be appreciated by those skilled in the art that the conception and specific embodiment disclosed may be readily utilized as a basis for modifying or designing other structures for carrying out the same purposes of the present invention. It should also be realized by those skilled in the art that such equivalent constructions do not depart from the spirit and scope of the invention as set forth in the appended claims. The novel features which are believed to be characteristic of the invention, both as to its organization and method of operation, together with further objects and advantages will be better understood from the following description when considered in connection with the accompanying figures. It is to be expressly understood, however, that each of the figures is provided for the purpose of illustration and description only and is not intended as a definition of the limits of the present invention.
For a more complete understanding of the present invention, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
It should be understood that the drawings are not necessarily to scale and that the disclosed embodiments are sometimes illustrated diagrammatically and in partial views. In certain instances, details which are not necessary for an understanding of the disclosed methods and apparatuses or which render other details difficult to perceive may have been omitted. It should be understood, of course, that this disclosure is not limited to the particular embodiments illustrated herein.
Various features and advantageous details are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. Descriptions of well-known starting materials, processing techniques, components, and equipment are omitted so as not to unnecessarily obscure the invention in detail. It should be understood, however, that the detailed description and the specific examples, while indicating embodiments of the invention, are given by way of illustration only, and not by way of limitation. Various substitutions, modifications, additions, and/or rearrangements within the spirit and/or scope of the underlying inventive concept will become apparent to those skilled in the art from this disclosure.
Referring to
The memory 120 may include read only memory (ROM) devices, random access memory (RAM) devices, one or more hard disk drives (HDDs), flash memory devices, solid state drives (SSDs), other devices configured to store data in a persistent or non-persistent state, or a combination of different memory devices. The memory 120 may store instructions 122 that, when executed by the one or more processors 102, cause the one or more processors 102 to perform the operations described in connection with the skimmer detection device 100 with reference to
The one or more sensors 130 may include a Bluetooth sensor 132, an infrared sensor 134, and a magnetometer 136. It is noted that
The power supply 108 may be configured to provide operational power to the skimmer detection device 100, such as by supplying power to the skimmer detection device 100 from one or more batteries. The sensor control unit 110 may be configured to provide signals or instructions to the one or more sensors 130 that control the operation of the sensor(s) 130. The skimmer detection logic 112 may be configured to process information or signals detected by the one or more sensors 130 to produce sensor data (e.g., the sensor data 126) and the sensor interpretive logic 114 may be configured to analyze the sensor data 126 and the reference data 124 to determine whether a skimmer device is present within an area under analysis, as described in more detail below. In an aspect, the operations performed by the sensor control unit 110, the skimmer detection logic 112, and the sensor interpretive logic 114 may be stored as part of the instructions 122.
The I/O devices 104 may include various devices configured to receive inputs, such as a mouse, a keyboard, one or more buttons (e.g., a button to initiate sensing operations to detect a skimmer device), one or more switches (e.g., a power switch to turn the skimmer detection device off/on), communication interfaces (e.g., universal serial bus (USB) ports, serial ports, network communication interfaces (e.g., devices that enable the skimmer detection device 100 to communicate over one or more networks), a touchpad, the display device 106, and the like. The I/0 devices 104 may facilitate interaction between a user and the skimmer detection device 100, as described in more detail below.
During operation, a user may interact with one or more of the I/O devices 104 to initiate sensing operations. For example, the user may toggle a power switch to turn the skimmer detection device 100 on. Once powered on, the user may interact with the skimmer detection device to provide an input to initiate operations to detect whether any skimming devices are present in the area proximate to the skimmer detection device, such as to scan one or more fuel pumps at a fueling station or an ATM. In response to the input received, the one or more processors 102 (or the sensor control unit 110) may activate the one or more sensors 130. Once activated, the one or more sensors 130 may begin detecting characteristics of the surrounding environment, such as detecting the presence of one or more Bluetooth enabled device (which may represent potential skimmer devices in the area), detecting heat signatures (e.g., of one or more batteries of a potential skimmer device), and the like. In addition to sensing Bluetooth signals, the one or more sensors 130 may be configured to detect other non-Bluetooth RF signals, which may include RF signals not utilized for transmission of data generated by other electrical components of skimmer devices. Heat signatures may be detected by the IR sensors and may include the IR signature of one or more batteries powering a device, which may aid in detection of skimmer devices embedded within other devices, such as ATMs, fuel pumps, and POSs. As the one or more sensors 130 perform sensing operations, sensor data may be generated and stored as the sensor data 126.
The one or more processors 102 may analyze the sensor data 126 to determine whether one or more skimmer devices are present. The one or more processors 102 may determine whether one or more skimmer devices are present by comparing the sensor data 126 to the reference data 124 to determine whether the sensor data 126 indicates the presence of a skimmer device. For example, if information received from the infrared sensor 134 matches a heat signature of one or more batteries known to be used in skimmer devices, the one or more processors 102 may detect that a possible skimmer device is present. It is noted that the presence of a heat signature corresponding to one or more batteries may indicate the presence of a possible skimmer device because the scanned device, such as an ATM or fuel pump, may not include batteries and the presence of a heat signature associated with batteries in such a device may indicate a foreign device has been embedded within the scanned device. A display device of the skimmer detection device 100 may be configured to display information associated with information feedback of the one or more sensors, such as the IR sensor. For example, the display device may be configured to show an outline of one or more batteries detected within a device by the IR sensor. As another example, certain Bluetooth signals may indicate a possible skimmer device is present (e.g., if a Bluetooth signal is present that is not associated with a device operated by the proprietor of the location where the signal was detected and persists for a period of time). It is noted that the specific examples described above for detecting the presence of a possible skimmer device have been provided for purposes of illustration, rather than by way of limitation and that skimmer detection devices operating in accordance with embodiments of the present disclosure may utilize other types of sensor data and sensor data characteristics to detect the presence of a skimmer device.
After analyzing the sensor data 126 and the reference data 124, the skimmer detection device 100 may generate an output that indicates whether a skimming device is present. The output may be displayed at the display device 106 and may include information that indicates a classification of a skimming device. For example, having detected a possible skimmer device, the skimmer detection device 100 may determine a classification of the skimming device. The classification may indicate a confidence level regarding the presence of the skimming device. For example, a first confidence level may indicate a skimmer device is not present, a second confidence interval may indicate a skimmer device is possibly present, and a third confidence level may indicate that a skimmer device is definitely present. The information that indicates the classification of the skimming device may include a color coded indicator, where different colors of the color coded indicator correspond to different classifications of the skimming device (e.g., green means no skimmer device is present, yellow means a skimmer device is possibly present, and red means a skimmer device is definitely present). It is noted that other forms of indication, such as text, numeric indicators, sound indicators, and the like may be used to provide the output or supplement the output with additional information. If a skimmer device is detected as being possibly present or confirmed present, the user may forgo conducting a transaction at the scanned device (e.g., if the user is a consumer) or may examine the scanned device to locate and remove the skimmer device and/or confirm whether a skimmer device is present.
In an embodiment, the skimmer detection device 100 may have a small form factor. For example, the skimmer detection device 100 may include a housing that is approximately 4 inches long, 3 inches wide, and 1 inch thick. As another example, the skimmer detection device 100 may be embodied as a wand or other handheld and portable device that may be easily carried by a user. In an embodiment, a plurality of skimmer detection devices 100 may be deployed in an area, such as around fuel pumps of a fueling station or ATMs, forming a network of skimmer detection devices. Each of the skimmer detection devices may be communicatively coupled to a network to enable communication of sensor data to a central computing device for analysis. For example, when a skimmer device is detected, the skimmer detection device that provided the sensor data that was used to detect the skimmer device may be identified and the location of the detected skimmer device may then be known and action taken to mitigate the use of the skimmer device.
As shown above, skimmer detection devices configured in accordance with embodiments of the present disclosure facilitate robust detection of skimmer devices, such as to detect skimmer devices that utilize wireless communications (e.g., Bluetooth skimmer devices) as well as skimmer devices that may not utilize wireless communications (e.g., skimmer devices that must be physically retrieved to obtain the captured data). Further, the skimmer detection device enables detection of skimmer devices that have been embedded within other devices, such as ATMs and fuel pumps, thereby enabling detection of the skimmer devices by individuals (e.g., consumers) who may not be able to examine a POS to determine if a skimmer device has been embedded therein.
Referring to
Referring to
As shown in
At step 320, the method 300 may include, at step 320, receiving, by the processor, sensor data from the one or more sensors subsequent to the activating and at step 330, storing, by the processor, the sensor data in a memory. In an aspect, the sensor data may not be stored at the memory, or at least one permanently stored (e.g., at a database). At step 340, the method 300 may include comparing, by the processor, the sensor data to reference data stored in the memory. At step 350, the method 300 may include determining, by the processor, whether the sensor data includes information that indicates the presence of the skimming device proximate to one or more devices based on the comparing. As described above, the reference data may include information associated with one or more signatures characteristic of skimming devices (e.g., if the sensor data matches a signature in the reference data the sensor has likely detected a skimming device). The one or more devices for which a skimming device is detected to be proximate to may include ATMs, fuel pumps, POS devices, or other devices that are distinct from the skimming detection device and present a possible device where a skimming device would be deployed.
At step 360, the method 300 may include generating, by the processor, an output that indicates whether the skimming device is present. As explained above, the output may indicate a classification representative of the likelihood that a skimming device is present. Such classifications may include a first classification that indicates a skimming device is not present, a second classification that indicates a skimming device is likely present (e.g., assume the scanned device, such as an ATM, fuel pump, POS, etc., has been compromised), and a third classification that indicates a skimming device has been confirmed to be present. The different classifications may be indicated in the output via color coded indicators, such as a green indicator for the first classification (e.g., no skimming device detected), a yellow indicator for the second classification (e.g., a skimming device is likely present), and a red indicator for the third classification (e.g., a skimming device is confirmed to be present).
Although embodiments of the present application and its advantages have been described in detail, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims. Moreover, the scope of the present application is not intended to be limited to the particular embodiments of the process, machine, manufacture, composition of matter, means, methods and steps described in the specification. As one of ordinary skill in the art will readily appreciate from the disclosure of the present invention, processes, machines, manufacture, compositions of matter, means, methods, or steps, presently existing or later to be developed that perform substantially the same function or achieve substantially the same result as the corresponding embodiments described herein may be utilized according to the present invention. Accordingly, the appended claims are intended to include within their scope such processes, machines, manufacture, compositions of matter, means, methods, or steps. Moreover, the scope of the present application is not intended to be limited to the particular embodiments of the process, machine, manufacture, composition of matter, means, methods and steps described in the specification.
This application claims the benefit of priority of U.S. Provisional Patent Application No. 62/831,607, filed Apr. 9, 2019, which is hereby incorporated by reference in its entirety.
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/IB2020/053286 | 4/6/2020 | WO | 00 |
| Number | Date | Country | |
|---|---|---|---|
| 62831607 | Apr 2019 | US |
