Wednesday, February 23, 2011

PCI Related News – Card Skimming

Something that is not mentioned as much these days is the fact that some of the earliest credit card number thefts involved different methods of modifying the credit card pin pad units. With changes to the pinpad units, the number of incidents of this type of card number theft has dramatically declined. There are several things that you should do to prevent credit card skimming from occurring at your location.


The most likely targets of this type of attack are self-service, unmanned, unused and exterior payment terminals. Criminals will attempt to steal, modify and replace the terminals during less busy periods then return to swap the terminals to harvest the recorded credit card information. Newer methods have been to swap the terminals once with a modified unit that can send or even wirelessly transmit the card data to locations outside of the store. This all makes knowing what units you have in use, including serial numbers of those units, important so that you will be able to spot any changes. The newer pin pad devices are designed to alert you of any tampering as well.

Other methods of attack are to place readers or cameras at the point of pin number entry; a low tech method has even been to shoulder surf as the customer enters their pin number.

Recommended methods to prevent these types of fraud include using physical security, bolt the units to the counter for example, make sure you have current equipment designed to prevent or alert of tampering and train your staff to monitor and notice suspicious activity or pin pad devices that have been removed or replaced.

Here is a link with pictures and more information regarding this topic: https://www.pcisecuritystandards.org/pdfs/skimming_prevention_form.pdf