CISSP · Question #18
Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?
The correct answer is B. Secure card reader. ATM skimming involves attackers attaching fraudulent devices to card readers to capture card data. A secure card reader is the direct physical countermeasure that prevents unauthorized overlay devices from functioning.
Question
Options
- AAnti-tampering
- BSecure card reader
- CRadio Frequency (RF) scanner
- DIntrusion Prevention System (IPS)
How the community answered
(23 responses)- A4% (1)
- B91% (21)
- D4% (1)
Why each option
ATM skimming involves attackers attaching fraudulent devices to card readers to capture card data. A secure card reader is the direct physical countermeasure that prevents unauthorized overlay devices from functioning.
Anti-tampering controls detect or respond to physical interference with a device but do not specifically prevent the card data capture mechanism inherent in skimming attacks.
A secure card reader incorporates physical design features such as anti-skimming shields, jitter mechanisms (which randomize card movement to disrupt skimmer reads), and tamper-evident housings that make it physically impossible or detectable for an attacker to attach a skimming overlay device. These hardware-level protections directly address the card-data capture method used in skimming attacks at the point of card insertion.
An RF scanner detects radio frequency signals and is used for identifying wireless threats or RFID-based attacks, not for preventing magnetic stripe or chip skimming devices placed on ATM card slots.
An Intrusion Prevention System (IPS) is a network-based security control that monitors and blocks malicious network traffic, making it irrelevant to the physical skimming of card data at an ATM terminal.
Concept tested: Physical ATM security controls against skimming
Source: https://docs.pcisecuritystandards.org/documents/skimming_prevention_best_practices_for_merchants.pdf
Topics
Community Discussion
No community discussion yet for this question.