Payment cards are extremely popular to use nowadays - whether its a debit or credit card, the convenience that they offer simply cannot be denied. Unfortunately, this convenience also makes them a promising threat vector for a scammer to use, via a device called a skimmer.
We’ll go into what makes skimming a threat, and what you can do to protect yourself.
Credit and debit cards work by storing information to the little magnetic strip that is swiped through a credit card reader. When the card is used, the merchant’s point-of-sale system reaches out to an acquirer. An acquirer is an organization that handles authentication requests from merchants, and provides merchants with a guarantee that payment will be received.
This is how things are supposed to work - but criminals have found a way to get in the middle.
Criminals will often add their own hardware to the places where payment cards are swiped, so as the device is collecting the information stored on the magnetic strip, so is the scammer. Once the skimmer has collected the data from the card, that data can be used to fabricate fraudulent cards or make unauthorized online payments. Skimmers can be found on gas pumps, ATMs, and can even be made mobile, held in some unscrupulous person’s pocket as they scam the patrons of their place of work. Hackers can create virtual skimmers that steal information from online checkout pages - or that make it easier for them to skim credentials from physical devices, without the need to return to the scene of the crime.
Once payment card details have been collected, there are a few ways that a cybercriminal can profit from them. The most obvious way, of course, is for them to buy things with the stolen card, sticking the victim with the bill. However, this information can also be sold on the Dark Web.
There are a few different means of protecting oneself, many of them put into place by card providers themselves. For instance, many cards now come equipped with computer chips to contain this data, a more secure option than the magnetic strip. In October 2015, it was determined that - if a store is still utilizing “swipe” methods - a store will be liable for any fraud that takes place. At the very least, this encouraged many to update their POS infrastructure (although this rule won’t apply to gas station pumps until 2020).
There are also things that you can do to keep yourself safe as well.
Before you swipe your card, consider your environment… ATMs and kiosks located in different places will have different levels of inherent security. Remember, many skimmers need to be manually installed, which will be much more difficult for the cybercriminal to accomplish unnoticed in, say, a bank lobby than it would be in the back corner of a convenience store.
Technology has afforded us more secure means of placing a payment than swiping cards. Besides, if you have another option, why risk it? Using a mobile app or touchless payment are both preferable options.
Unfortunately, you can’t always be sure who you can trust nowadays, so try not to let anyone walk away with your card if you can help it. Do your best to avoid situations where a merchant needs to take your card away from you - bring the card to them, or accompany them as far as you can.
Many banks and credit card companies offer alerts for when transactions happen. You can get a text message immediately as soon as more than a dollar (or any amount you choose) gets put on your card. While banks often have systems in place to detect fraud, you shouldn’t just rely on them.
You’ve worked hard for your money - don’t let a scammer sneak it away from you or your business. For more information on how you can protect yourself in both your personal and professional life, subscribe to our blog, or reach out to us at (415) 246-0101!