Top 4 Skimming ThreatsFrom Hand-Held POS Devices to Dummy ATMs
#1: Hand-Held POS SkimmingThe most common type of skimming attack is usually perpetrated by insiders -- a store clerk or waiter who uses a hand-held skimmer device that copies the cardholder data when a customer's card is processed. Once the thief has gets the data from the magnetic-stripe, it's downloaded it to a computer. From there, the card details are duplicated to create so-called "white" cards.
#2: POS 'Swaps'Retailers are getting hit by so-called point-of-sale swaps, which involve a fraudster trading out an existing POS device with one that has been manipulated to skim card data. This type of attack is what led to the compromise of debit and credit cards used at Hancock Fabrics, as well as other retail locations over the six months.
#3: ATM and Unattended Self-Service Terminal SkimmingATMs are compromised with skimming devices are placed over the ATM's card-reader. In some cases, other parts of the ATM fascia are covered, to better disguise the skimmer. The skimmer may rely on Bluetooth or cellular technology to remotely transmit card data. Fraudsters often double their efforts with the installation of pinhole-sized camera in brochure holders, light bars, mirrors or speakers to gather PIN details as they are entered. Once the fraudsters collect the PINs and the card numbers, they have enough information to compromise the cards. Pay-at-pump self-service petrol pumps also are susceptible to this type of attack. Authorities have investigated numerous reports of skimming at unattended self-service terminals in different parts of the United States. Separate pay-at-the-pump skimming attacks in Florida and Utah at more than 180 gas stations show the ease with which criminals can install skimming devices on self-service gas pumps and other unattended self-service terminals.
Pay-at-the-pump terminals are vulnerable, namely because they are relatively easy to access. The continued use of default codes or entry for access to the pump's enclosure make them easy targets. Criminals posing as technicians can easily access the terminal and install a skimming-like device inside the enclosure, which is undetectable from the outside. Once installed, these devices are connected directly to the terminal's key pad and card reader, so they collect all of the card data that is swiped and PINs that are entered.