
Preventing Card-Skimming Identity Theft

Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. The worldwide ATM Industry Association reports over $1 billion in annual global losses from credit card fraud and electronic crime associated with ATMs.

Skimming can occur in a few different ways. The most common is when a store clerk takes your card and runs it through a device that copies the information from the magnetic strip. Once the thief has the credit or debit card data, he or she can place orders over the phone or online. Thieves can also copy the data onto blank cards, or “white” cards. White cards are effective at self-checkouts, or when the thief knows the clerk and is able to “sweetheart” the transaction. A white card can also be pressed with foils to look like a legitimate credit card, as seen in this video.

The PCI Security Standards Council provides guidelines designed to help merchants securely store and transmit card account data and prevent it from falling into the hands of criminals. Retailers who fail to comply with PCI’s standards can be fined up to $500,000 by credit card providers such as Visa and MasterCard. PCI recently released a series of recommendations for the prevention of skimming scams. “Skimming is becoming a widespread problem. These are guidelines for what retailers should be looking at with their reader devices,” says Bob Russo, general manager of the PCI SSC. “We discuss different techniques for protecting those point-of-sale devices.”

The PCI Council’s “Skimming Prevention: Best Practices for Merchants” guidelines include a risk assessment questionnaire and self-evaluation forms that help merchants gauge their susceptibility to these types of attacks and determine where they need to shore up their defenses. The guidelines cover how to educate employees who handle the point-of-sale devices and protect them from being targeted, as well as ways to prevent and deter compromise of those devices. They also detail how to identify a rigged reader and what to do about it, and how the physical location of the devices and stores can raise risk.

Thieves can completely replace a merchant’s point of sale terminal with a device that is rigged to record or divert card data wirelessly, or simply store the data until the criminal comes back and removes it. (This is what happened to Stop and Shop.)

Criminals can also place a device on the face of an ATM that appears to be part of the machine. It’s almost impossible for civilians to know the difference unless they have an eye for security, or the skimmer is of poor quality. Often, the thieves will hide a small pinhole camera in a brochure holder near the ATM in order to capture the victim’s PIN. Gas pumps are equally vulnerable to this type of scam.

A customer at a New York City bank discovered a skimming device on the face of an ATM, and went inside the bank to inform the branch manager. The manager, who had never seen an ATM skimmer and wasn’t sure what to do, took the skimmer and thanked him. The customer then remembered, from numerous reports about ATM skimming, that there is usually a second part to the ATM skimmer, the camera. In this case, he found it behind a small mirror that alerts the ATM user to beware of “shoulder surfers.” He brought the camera to the bank manager, who replied by saying, “Maybe we should shut that machine down, huh?” The bank manager contacted bank security, shut down the machine, and alerted other area banks.

To help combat this type of crime, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader. This technology does not require any software adjustments be made to the ATM itself, and does not connect to or affect the ATM communications network. Prior to its North American introduction, the ADT Anti-Skim ATM Security Solution was successfully field tested on dozens of ATMs of four major U.S. financial institutions in controlled pilot programs. Testing pilots yielded positive results, with no known skimming compromises occurring.

You can protect yourself from these types of scams by paying attention to your statements and disputing any unauthorized transactions within 60 days. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double-sided tape, error messages, a missing security camera, or if the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. Use strong PINs, with both upper and lowercase letters, as well as numbers.

Robert Siciliano, identity theft expert, discusses ATM skimming on Fox News.


Comments: (5)

Joe Pitcher - Irrelevant - Wirral 10 September, 2009, 09:21

Surely the best way to eliminate skimming is to remove the mag stripe. You can't clone what isn't there.

 

Robert Siciliano - Safr.me - Boston 10 September, 2009, 12:41

With 1.5 billion cards in circulation worldwide, removing the magstripe is no simple task. That means every reader and every machine has to be refitted. I doubt we will ever see the magstripe go away. There are too many technologies relying on it and many technologies coming to secure it, or at least make its insecurity a non-issue.

Nick Green - ISD Consultants - Northampton 10 September, 2009, 18:21

Why does the industry continue to expend effort on trying to secure the magstripe when it is just money down the drain (watermark magnetic et al.)? I agree that the magstripe may stay but purely as a means for unattended devices to ensure you have the card the right way round. The answer is to use IC Cards where you have a secure environment to store the data. EMV expands throughout the world and in every country it is introduced fraud goes down; the issue is that as everyone closes the front door the back door is left wide open in the US.

I'm not saying that chip cards are the answer to everything (I'll leave that to some of the purveyors of solutions who have 'the answer'); there is no single solution to combating fraud, it always has been a layered approach. But putting an active component in the cardholders' hands gives you the ability to develop solutions for Card Not Present that would further limit the opportunity for fraud.
To plagiarise 'The Borg' "EMV - you will comply - resistance is futile".

Joe Pitcher - Irrelevant - Wirral 11 September, 2009, 08:37

Robert,

I agree it's not an easy task. The question is how concerned are people/governments/banks about the level of fraud? It's fine saying it's expensive and difficult, I agree it is, but EMV does exist and works quite nicely without a Mag stripe.

There are other solutions - someone will no doubt try and sell one on here in the next few hours - but none in the 'real world' yet other than EMV.

At what point does the cost get outweighed by the benefit? If we can prevent terrorists obtaining funding through fraud and prevent hundreds/thousands of deaths, is that worth the pain of replacing cards and upgrading devices?

Stephen Wilson - Lockstep Consulting - Sydney 12 September, 2009, 03:39

I agree strongly with Nick and Joe.  Yes there are alternatives to chip cards to address card skimming, and there is a host of non-chip solutions to other fraud modalities too, but they're all ad hoc, or short term.

It's important I think to focus on the underlying vulnerability that enables most identity related frauds, namely the replayability of ordinary digital data.  To properly tackle most payment fraud, we must prevent the replay of ID data (most feasibly through asymmetric cryptography i.e. digital signatures).  And we should protect users against real time fraudsters (phishers, pharmers) through intelligent personal security devices.

In plain English, the unique and powerful thing about smartcards is they can tell what's going on around them.  Smartcards (and their intelligent cousins SIMs, smartphones, USB keys etc.) can act as proxies for their owners. They can test the digital bona fides of web sites and of terminal equipment, detect Man-in-the-Middle attacks, detect spam, and self-monitor to tell if they're being used inappropriately. 

So ... we can keep tinkering with magnetic stripes, end-to-end encryption, tokenization and two factor authentication, to erect short term barriers to specific attack vectors, but with significant total cost and at the expense of user confusion and divergence.  Or, we can transition to a single, fundamentally robust, extensible, long term approach to all digital ID protection, using chip cards to address skimming, counterfeiting, CNP fraud, and ID theft all at the same time.

Cheers,

Stephen Wilson, Lockstep.
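
Added example, not part of the article or of any comment above: a minimal Go model of the replayability point raised in the last comment, contrasting static card data (a copy is accepted) with a card that signs a fresh challenge (a recorded response fails on the next transaction). It is a simplified illustration, not the EMV protocol; `StripeAccepts`, `ChipCard`, `NewChallenge`, `Demo` and the sample data are hypothetical names and constructed values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

var stripeData = []byte("CONSTRUCTED-STATIC-CARD-DATA") // constructed placeholder

// StripeAccepts models static data: equal bytes pass, copy or original.
func StripeAccepts(enrolled, presented []byte) bool {
	return bytes.Equal(enrolled, presented)
}

// ChipCard (hypothetical) keeps a private key that never leaves the card.
type ChipCard struct{ priv ed25519.PrivateKey }

// Respond signs the terminal's challenge inside the card.
func (c ChipCard) Respond(challenge []byte) []byte {
	return ed25519.Sign(c.priv, challenge)
}

// NewChallenge returns 16 fresh random bytes for one transaction.
func NewChallenge() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Demo: is a stripe copy accepted, does a genuine chip response verify, does a replay?
func Demo() (stripeReplay, chipGenuine, chipReplay bool) {
	copied := append([]byte(nil), stripeData...) // what a skimmer records
	stripeReplay = StripeAccepts(stripeData, copied)
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	first := NewChallenge()
	recorded := ChipCard{priv}.Respond(first) // observable on the wire
	chipGenuine = ed25519.Verify(pub, first, recorded)
	chipReplay = ed25519.Verify(pub, NewChallenge(), recorded) // next transaction
	return
}

func main() { fmt.Println(Demo()) }
```

The verifier only needs the card's public key, so nothing a terminal stores or an observer records is enough to answer the next challenge.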

 
