Some cybercriminals are updating their payment card skimmer devices to include Bluetooth, enabling them to steal data in real time using nothing more than a smartphone.
Security researcher Brian Krebs detailed the operations of one specific skimmer that neatly fits over the top of an Ingenico iSC250 point of sale terminal. The skimmer is a self-contained unit with its own battery power that can grab card data and then send it to a phone or other mobile device that is within range. Maximum Bluetooth range is about 100 meters, according to the SANS Technology Institute.
This would allow a thief to either sit and collect the data, leave the phone running nearby and return at a later or the more likely scenario has the skimmer can store up the stolen information and the thief downloading it later.
This overlay skimmer can be spotted as it’s slightly larger and the keyboard is not backlit.