Skimming continues to rise at point-of-sale (POS) terminals

  • Team Omega
  • May 12, 2016

skimmer-largeGet in touch with Omega now or call 636-557-7777.  We will help you with your data security needs.

Why is skimming at POS devices so appealing to hackers?

POS machines are easy targets and the returns are good as well. The hacker can steal the card information that these skimmers collect, create new cards, and use them to withdraw cash from ATM machines. Unattended terminals and self-checkout terminals are easy game for an offender. The known practice is criminals make swift moves within one geographic location, then shift to a different area.

The actual placements of the skimming devices most often occur during slow business times. Usually a couple people or more enter a store, and while one blocks the POS machine from clear view, the other places the skimmer.

Here are some suggestions made by VISA to prevent skimming device installations; and tips on detection and response.

For prevention:

  1. Keep track of 3rd parties claiming to be repair services. Verify who they are before allowing them to carry out the repairs.
  2. Train store employees to be vigilant of traffic and constantly keep an eye on the POS machines.
  3. Know where the machines are located.
  4. Keep a list of the devices with their serial numbers handy..

For detection:

  1. Physically inspect the machines 2 to 3 times every day.
  2. Shaking the machine is also recommended so there are no rattling noises that may point to a skimming device installed.
  3. The more sophisticated thief uses devices that are Bluetooth enabled so data can be captured remotely.

For response:

  • If you suspect foul play, do not physically try anything on the machine.
  • Inform the local police, FBI to recover the device.
  • Safeguard the video camera to look at evidence captured.
  • Start the Incident Response Plan and put it into action.

Having worked with several compromised retailers, Omega can help with your stores’ data security and PCI requirements, including incident response plans, and policies and procedures for PCI DSS 3.2.  Get in touch with us now or call 636-557-7777.