According to the report the bad guys "tend to attach skimming devices either late at night or early in the morning, and during periods of low traffic ... [and usually only leave them] attached for a few hours."
And the advice that the "protective security advisor" offers to those managing ATMs? He has several suggestions but allow me to summarize: Know thy ATM.
This is, of course, a poor solution because it assumes that those charged with the care and feeding of ATMs will be diligent and painstaking. While a percentage might well be, we know for certain that in a large population of these workers at least a few will not.
Second, what they are trying to do is work around a fundamental design flaw. If you can't easily distinguish a modified machine from one that hasn't been, then mistakes will be made even by the most diligent ATM wranglers and security will be breached.
Here we have a classic risk management problem: We've rolled out a solution that is in wide use and, unfortunately, we have now identified a serious problem.