Brian Krebs reports on a new wrinkle in ATM skimmer design: if the ATM is in its own lobby, crooks can steal your card number and PIN without ever touching the ATM. Instead, they attach the skimmer to the door-lock (you know those doors that only open if you swipe your card?) and then use a hidden camera to record you keying in your PIN. Clever, in a horrible way, especially since ATMs in their own lobby feel more secure.

On July 24, 2009, California police officers responded to a report that a customer had uncovered a camera hidden behind a mirror that was stuck to the wall above an ATM at a bank in Sherman Oaks, Calif. There were two ATMs in the lobby where the camera was found, and officers discovered that the thieves had placed an "Out of Order" sign on the ATM that did not have the camera pointed at its PIN pad. The sign was a simple ruse designed to trick all customers into using the cash machine that was compromised.

Bank security cameras at the scene of the crime show the fake mirror installed over the ATM on the right…

The attackers hitting this ATM were either very persistent, or varied: A source familiar with the July 24 incident said this particular door lock would be stolen and modified a total of nine times in 2009.

The camera used in this attack retails for about $150, can record up to 2 GB (about two hours worth) of video, and runs on a rechargeable lithium ion battery.