Retailers’ Point of Sale Terminals Skimmed

Monday, January 03, 2011

Robert Siciliano


Skimming of electronic funds transfer at point of sale (EFTPOS) terminals is a relatively new scam that has become more prevalent over the past few years.

This form of skimming involves swapping out the self-swipe point of sale terminals at cash registers, and replacing them with devices that record credit and debit card data.

Fast food restaurants, convenience stores, and clothing boutiques are being hit the hardest in Australia. Last year, EFTPOS devices at McDonald’s outlets across Perth were replaced with compromised versions designed to skim cards, cheating 3500 customers out of $4.5 million.

The thieves actually replaced the entire device you see at the counter when you order your Big Mac! The problem is so severe that officials have urged people to change their PINs on a weekly basis to prevent their entire bank accounts from being wiped out.

A similar scam was pulled off at United States supermarket chain Stop and Shop.

POS machines are particularly vulnerable because the magnetic stripe technology, which has been around for 40 years, is essentially defenseless against modern fraud techniques. Anyone can easily, and legally, purchase a skimming device for a couple hundred dollars.

This problem will continue as long as the current system of accepting magnetic stripe cards is standard in the United States. Our system needs a serious upgrade. In response to their skimming problems, Australia is turning to chip and PIN technology.

In 2009 Visa announced a four-year plan to shift all Australian cards to chip and PIN. Since this past January, all new Visa credit cards in Australia feature embedded smart chips, and in 2013, signatures will no longer be accepted at checkout.

You can’t protect yourself from this type of scam. But you can recover any losses by paying attention to your statements and disputing any unauthorized transactions within 60 days.

And when swiping your card at any POS terminal, be alert for any details that seem unusual. If you notice anything odd about the machine’s appearance, such as wires or error messages, or if your card gets stuck, don’t use it.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit and debit card fraud on CNBC.
