When Cisco chief executive John Chambers extols the virtues of the so-called Internet of Things, this clearly isn't what he has in mind.
Criminals engaged in skimming – stealing people's payment card information by tampering with ATM PIN pads and credit-card readers – are now exploiting wireless technology to pull off their schemes more easily, according to a report from Verizon that examined data breaches from 95 countries.
While cybercriminals are known for stealing reams of information from the comforts of their home, skimming requires a lot of physical effort on location. For example, thieves must visit the targeted ATM and install a fake PIN pad designed to trick consumers into providing card information. Security blogger Brian Krebs has long covered skimming and has images that show how realistic some of the devices look.
Then the scammers must retrieve the data, usually by returning to the sceneto uninstall the false fronts they've placed on the machines. All of this must be done without drawing attention from workers, customers or anyone walking by.
But now, hackers are modifying their methods by using internet connections to send the contraband to themselves via emails and text messages that travel hundreds of metres or even across oceans, according to Bryan Sartin, director of the team that investigates data breaches for Verizon.
''Data breaches on the whole are getting less sophisticated and more repetitive, and this is one of those few areas where you see things getting more complex – it's definitely keeping us on our toes,'' Sartin said. ''It just blows you away how sophisticated these folks are in thinking this stuff up.''
Most skimmer attackers in 2013 were from Bulgaria, followed by Armenia, Romania, Brazil and the United States, according to the Verizon report, which looked at a total of 130 incidents from last year. The breaches mostly involved ATMs and petrol station credit card readers.
While skimming is a tiny fraction of overall cybercrime, the techniques being used highlight the lengths hackers are willing to go to circumvent data-security protections. They want debit-card numbers and PINs, which are usually encrypted by the time they hit a retailer's server. That means the attacker must steal the data earlier.
''If you can get ahold of those two, that's the holy grail for the crook because it gives direct access to cash,'' Mr Sartin said.
To that end, Mr Sartin said PIN pads can be found with tiny circuit boards and memory chips that were soldered with a high degree of sophistication.
The criminals will even try to gain access to the ATMs or payment machines by infiltrating the companies that service the devices in order to scout targets. Criminals have even posed as technicians, under the pretence of coming out to fix a real problem with the machine, Mr Sartin said.
''Sometimes they actually repair the problem and in the process plant something like this.''