Identity Theft Expert Robert Siciliano

The PCI Security Standards Council (PCI SSC) provides a framework and in-depth guidelines on how merchants securely store and transmit payment card account data to keep it out of the hands of criminals. Non-compliance with the standards can result in fines of up to $500,000 issued by credit card associations such as Visa Inc. and MasterCard Inc. PCI recently released best practices for retailers to defend themselves against the growing number of credit- and debit-card skimming scams.

Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. Also, the worldwide ATM Industry Association reports over $1 billion in annual global losses from credit card fraud and electronic crime associated with ATMs.

Skimming is a relatively low-tech crime that can occur in a few different ways. The most common is when a store clerk runs your card through a wedge card skimmer, which skims the information off the magnetic stripe.

Once the thief has the credit or debit card data, they can place orders over the phone or online. They can also rip the data from the wedge and burn it to blank “white” cards. These white cards are effective at self-checkouts or when the thief knows the clerk and they “sweetheart” the transaction. These white cards can also be pressed with foils to look like a legitimate credit card, as seen in this excellent video here.

Dark Reading reports on the release of the report. “Skimming is becoming a widespread problem. These are guidelines for what retailers should be looking at with their reader devices,” says Bob Russo, general manager of the PCI SSC. “We discuss different techniques for protecting those point-of-sale devices.”

The PCI Council’s “Skimming Prevention: Best Practices for Merchants” guidelines include a risk assessment questionnaire and self-evaluation forms that help merchants gauge their susceptibility to these types of attacks and determine where they need to shore up their defenses. The guidelines cover how to educate and protect employees who handle the PoS devices from being targeted, as well as ways to prevent and deter compromise of those devices. They also detail how to identify a rigged reader and what to do about it, and how the physical location of the devices and stores can raise risk.

Thieves can completely replace a merchant’s POS terminal with one that is rigged to record or divert card data wirelessly, or to just store the data until the criminal comes back and removes it, as happened to Stop and Shop Supermarkets.

At bank ATMs, criminals place a hard device on the face of the ATM that looks like the ATM. It’s almost impossible for a civilian to know the difference unless they have an eye for security or the skimmer is of poor quality. Often the thieves will mount a small pinhole camera on the side of the ATM in a brochure holder to capture the victim’s PIN. It’s not just ATMs that are potential marks; gas pumps are just as vulnerable. See video of me discussing here and another article here.

In a skim scam in New York City recently, a bank customer alert to skimming found a device on the face of an ATM, went into the bank and notified the branch manager, who had never seen an ATM skimmer and didn’t know what to do. She took the skimmer and thanked him. Then he remembered, from numerous reports about ATM skimming, that there are usually 2 parts to the ATM skimmer. One is the skimming device itself; the second is a micro-camera placed somewhere on the machine, where it records the user’s PIN. The camera is often installed in a false brochure holder that’s taped to the ATM. In this case, it was behind a small mirror that alerts the ATM user to beware of “shoulder surfers.”

The alert client went back to the still-operational ATM, where people were waiting in line for their cash, and noticed a tiny video camera behind an extra mirror attached to the machine, positioned right over the keypad where it could record users’ PINs. Not being a bank employee and not wanting to alarm any of the people waiting, he actually got in line, waited his turn (knowing that the skimmer was gone and nobody was in danger) and pulled the camera off the ATM.

He brought the camera to the bank manager, who replied by saying, “Maybe we should shut that machine down, huh?” The bank manager contacted bank security, shut down the machine and alerted other area banks.

To help combat this crime, as reported on Finextra, ADT unveiled an anti-skim tool that prevents ATM skimming.

The ADT Anti-Skim™ ATM Security Solution helps prevent skimming attempts and detects skimming devices on all major ATM makes and models.

ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

The ADT Anti-Skim ATM Security Solution:
• Helps protect the integrity of cardholders’ personal financial information during ATM transactions.
• Can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities.
• Requires no software adjustments to the ATM.
• Does not connect to or affect the ATM communications network.
• Has more than 40,000 successful ATM applications worldwide.

Prior to its North American introduction, the ADT Anti-Skim ATM Security Solution was successfully field tested on dozens of ATMs of four major U.S. financial institutions in controlled pilot programs. Testing pilots yielded positive results, with no known skimming compromises occurring.

You can protect yourself from these types of scams by paying attention to your statements. Refute unauthorized transactions within 60 days. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine, or you notice anything odd about the appearance of the machine, such as wires, double-sided tape, error messages or a missing security camera, or if the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. Use strong PINs, with both upper and lowercase letters, as well as numbers. And invest in Intelius Identity Theft Protection and Prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, Identity Theft Expert, discussing ATM skimming on Fox News here.