Credit card thieves still profit from skimming scams and minimizing risk should be a top priority for merchants.
With today’s technological and security advances, one would think that fraudsters would have to use more advanced technologies than the seemingly antiquated skimmers to steal credit card data. But in reality, skimmers are still common; they still work, and they continue to make money for thieves. Today we have seen an increasing amount of ATM and gas pump skimmers surfacing. It’s possible that merchants are not receiving training on these scams or the technology deployed has not been updated with the latest security measures. This opens the door for risk and ultimately increases successful skimmer scams.
Today’s skimmers come in a wide variety of types including Inline, Bluetooth and GSM. Below is an example of skimming devices on ATM dip card readers and inline gas pump skimmers.
As you can see from Figure 1, it would be incredibly difficult for someone with an untrained eye to determine this is a fraudulent card reader with a skimmer integrated.
Minimizing Credit Card Fraud
Addressing training requirements, inspections and identification of customer-facing devices is a top priority to minimize credit card fraud. Dell SecureWorks has identified several devices and strategies to help answer the tough questions businesses have about protecting themselves and their customers from criminals. Some of the ways you can start protecting your business and payment devices against skimmers include:
- Inspecting the devices daily
- Installing detection systems to alert on tampered machines and/or gas pumps
- Placing ATMs in locations visible by attendants
When Law Enforcement Isn’t Enough
As a retired law enforcement agent and former member of the United States Secret Service Task Force, I have worked on these cases with both state and federal agencies. Law enforcement works tirelessly to keep up with the technology and forensics, but there comes a time when merchants need to take action.
Once a skimmer has been identified, it is critical to find the answers to these questions:
- When were you compromised?
- What cards were captured by the suspect?
- Can we assist law enforcement gather evidence surrounding the compromise?
- Do we know everything about the incident before handing it over to law enforcement?
What measures are you putting in place to protect your business against skimming devices?