August 18, 2016

Protecting your payment terminals from card skimmers



Skimmers, the “malicious card readers that grab the data off the card’s magnetic stripe attached to the real payment terminals so that they can harvest data from every person that swipes their cards,” are most commonly found at ATMs, but earlier in 2016, retail giant Walmart found itself victim of skimmer installation on the self-checkout lanes at two separate locations.

In early May, skimmers were found at a Viriginia Walmart after at least 37 members of a local credit union experienced large, unauthorized account withdrawals. Police reported the skimmers had been installed since as early as March. Then a skimmer was found on a Walmart payment terminal in Kentucky after being installed for a week.


According to cybersecurity expert Brian Krebs, the skimmers installed in these breaches are designed to overlay directly on the existing payment terminals. They worked by recording the data stored on a card’s magnetic stripe and capturing users’ PIN numbers.


What about those customers who didn’t swipe and type? Because Walmart has installed chip-enabled card readers and has been requiring chip card-holding customers to dip rather than swipe since 2015, their information was likely much more secure. “Chip-based cards are more expensive and difficult for thieves to counterfeit, and they can help mitigate the threat from most modern card-skimming methods that read the cardholder data in plain text from the card’s magnetic stripe.” said Krebs.


Not all of your customers have EMV-ready cards, so what can you do to protect your business from skimmers? These tips for consumers from the Council of Better Business Bureaus can be modified for retailers looking to stay secure:


Consumer tip: Protect your PIN.

Retailer application: Reconfigure your checkout lanes or line formation so customers aren’t waiting directly behind one another, and check regularly for hidden cameras installed to view your PIN pads.


Consumer tip: Look for signs of skimmers, and be wary of anything that looks “off.”

Retailer application: Make sure your employees are trained to spot the signs of skimmers (like tape used to attach an overlay device) and regularly inspect your machines – visually and with some good, old-fashioned wiggling.


Consumer tip: Use chip readers when available.

Retailer application: Prioritize deployment of EMV readers at your payment terminals if you haven’t already.


Bonus consumer tip: Consider cash – skimmers can’t steal that or your personal information!

Retailer application: The Federal Reserve tells us that 40 percent of transactions in their payment study were in cash, so make sure you know what it costs you to accept it.


EMV has been a challenge for many retailers, and until all consumers have EMV-ready cards and your entire enterprise is EMV-compliant, the potential for skimming still exists. Protect yourself and your customers by preventing skimming from happening in your stores.


Image: iStock