
While I've seen skimmers that cover the entire front of the ATM, it boggles my mind that the credit card acceptor isn't designed to be flush with the front face. That would make it much harder to plant an additional device on top without it looking more conspicuous.



The 'green eye' card slot shown in the video is actually designed like this in order to make it harder to hide a skimming device in the slot.

It doesn't help though; ATM skimming is just so lucrative that they can easily spend a couple of thousand dollars on a skimming device. It pays for itself after less than a day of 'deployment'.

That's also the reason why removing a skimmer by yourself is always a _very very_ bad idea. There is a good chance that the owner of that device is very close. If it's a non-wireless skimmer (like most of them are, only few have GSM or Bluetooth) the criminal has to retrieve it to collect his loot. If he doesn't, he'll lose thousands of dollars. You might get stabbed for this. Better alert the authorities and let them handle it.

As somebody already mentioned, Brian Krebs has many very interesting posts about skimming technology, like this one about a similar skimming device:

http://krebsonsecurity.com/2011/12/pro-grade-3d-printer-made...


Yeah I don't know why they have designed the card readers this way. It conditions the user to expect a ridiculous thing slapped on the front of the machine. In my opinion it makes it much easier for the skimmers.



I am curious if the stripe can be retained only for orientation and then have something embedded in the holographic image so many cards use that can be visually read. Kind of like a fixed CD.


Chip cards use challenge-and-response with an embedded secret key and can't be cloned. (well, unless your bank so helpfully puts the card number+name in plaintext on the chip, as some do)


Then the skimmers will evolve to read it. As long as you can compromise the device it's fair game.


Ensuring that skimmers need to evolve frequently is a valid counter-strategy because it increases their cost of goods stolen.


Eh, not really; skimmers are always going to be cheap to produce compared to what you can get in return.

You can't just change the tech of the cards because it needs to allow people from all over the world to use an ATM, and most importantly you can't switch over ATMs and credit cards every few years; that alone would cost more than what is lost to skimmers.

ATMs need to be reliable and consistent; that actually makes it easier both for end users to detect skimmers and for ATM manufacturers to make them more resistant to skimmers.

Just to drive the point home, ATM skimmers with the ability to read or probe the chip & pin were implemented before any chip & pin ATMs were out there; it was simple enough to do in real time by just inserting an additional shim that would touch the smart card interface on your bank card.

The skimmer shown in this video is a fairly basic one; there are already skimmers with NFC and Chip & Pin capabilities that read out the pin pad in real time to process a direct charge transaction while you use the ATM (they don't care about stealing your Track 1 and Track 2 data).

The ways of reading the pads vary from using cameras that are not that different from the Kinect one, to laying a thin touch sensor over the keypad, to actually running a differential capacitive touch analysis on the metal keys as they are grounded.

A single skimmer in a tourist spot can be used to access 10,000s of accounts over a single weekend; with that financial incentive, the cost of the skimmer can almost be ignored.


The cost of the skimmer is insignificant, but the labor to replace it adds friction and is going to reduce the number of active skimmers. To replace the removed skimmer will also expose the criminal to more risk of getting caught, especially if the police are aware of the removal and can set up a sting or something.

So while the economic ROI is so high the behavior will continue, it does slow them down.

Not a complete fix by any means, but adding friction to their criminal behavior.


It's not a fix; both cards and ATMs have to serve the lowest common denominator. You can't just replace billions of cards and millions of ATMs every few years because of skimmers.

The labor to replace skimmers is already not an issue; skimmers do not last for years, or even weeks. Most of them have a battery that only lasts for a few days, and they are put at strategic locations, usually hot spots around big venues or events.


From my understanding the new chip cards are, in effect, smart cards meaning that after the first use, the information collected is useless. Whereas with a magnetic stripe the CC #, CVV #, expiration date, and name are all transferred plaintext.


Your understanding is incorrect. This is just one example [0]; there are many ways to skim Chip & Pin (EMV [1]) cards. Even if you build a card which cannot be cloned through active or passive monitoring of the ICC component, you can still perform at least 1 illicit transaction by proxying to it.

The same holds for NFC skimmers, which are now becoming more and more relevant and popular, especially with the commercial availability of ultra-low-power and ultra-compact wireless SoCs.

If someone was wondering what things like the ESP8266 [2], which give you WiFi connectivity with less than 1mW standby draw while being the size of a quarter, are good for: if nothing else, they are a pretty damn good platform for real time NFC or ICC skimming.

[0] http://sec.cs.ucl.ac.uk/users/smurdoch/papers/oakland14chipa...

[1] https://en.wikipedia.org/wiki/EMV

[2] https://www.sparkfun.com/products/13678


I stand corrected. Thank you for the information.


I'm sorry, but what does "flush" mean here? I only know it in the context of toilets and computer caches. (I'm not a native speaker.)

Looking it up, you might mean it glows in some color?


"Flush" here is used when something is at exactly the same level as a flat surface.

For example, if you take two tables of the same height, and push them together, their surfaces will be "flush".

Or, if something is embedded inside a surface, so that it sits at the same level as the surface. The slot on some optical drives is a good example of a slot that is "flush" [1].

So on an ATM a "flush" slot would be one that is just a plain slot in the flat plastic surface of the ATM, without any anti-skimming device which sticks out the front.

[1] https://www.dataquest.ch/images/uploads/newsimages/9056/usb_...


Like the other people are saying, it means "flat" or "broken outer surface".

Are you familiar with poker? We have another use of the word `flush` in that context, https://en.wikipedia.org/wiki/List_of_poker_hands#Flush where all of the cards are the same suit. So it's a similar use of flush in this instance, that everything is the same. It's similar to this thread's use of "flush".


The poker analogy is terrible.


It's not an analogy! It's another similar use of the word. As long as he's learning one more definition for the word flush, why not one more?


We should not forget that flush also refers to the time when a person's face becomes red.

As in, your face will go flush if you realize your credit card reader is not flush because you might have just flushed all your winnings from having a poker flush down the toilet.


Please keep comments constructive. This does not help the original questioner, who may not understand why it isn't a fantastic analogy. Please either refrain from the negative commentary, or enhance the conversation by clarifying why you feel it is lacking.


In this case the poker analogy is terrible because in this case flush is talking about a physical surface being unbroken while poker is talking about a collection of items all being the same.


Wouldn't that be a very similar meaning? An unbroken chain of cards of the same suit? Makes sense to me.


I think a flush in poker may have been more inspired by the sense of being full -- "flush with cash".


"Flush" in the poker context has more to do with definitions 1 (Abundantly full. In later use chiefly of a stream, etc.: Full to overflowing, swollen, in flood.) and 3 (Plentifully supplied (esp. with money).) rather than 5 (Even, level, in the same plane with / Even or level with the adjacent surface.).

To be "flush with money" is to have a lot of money---in poker, to be flush with hearts is to have 5 hearts.

http://www.oed.com/view/Entry/72182?rskey=4UKORw&result=4&is...


I know others have already answered, but I found this learner's dictionary version of the Merriam-Webster dictionary (and it looks a lot better than their normal site anyway).

http://www.learnersdictionary.com/definition/flush

Scroll down to the 4th listing, which is the adjective version. "even or level with another surface"

So the original poster meant that he thought the card reader should just be completely even or level with the front of the machine. I guess that would just be a plain slot.


Flush in this instance means "not protruding."


Providing an unbroken continuous outer surface.


"Flat" generally describes one object, while "flush" tends to describe multiple objects lining up with each other without gaps or protrusions.


That is the most concise explanation yet. Thanks!


It means 'flat' in this context.


Similar to "flat"


I agree. Have a smooth front with a flush slot and show on the screen a picture of what the ATM should look like so you can compare to see if there are any protruding bits that shouldn't be there.


Even if it was flush, people are so used to seeing ones that stick out it wouldn't matter. I wonder if it's possible to demagnetize certain cards so they only use chips.


What I think would be more effective is strategically placed range sensors that shut down the ATM if something covers them for a period of time.


I don't think this is a design issue. Unless you're proposing a standard? (In that case, how about a better system?)



