Author: alien

Stealing account data from a credit card and duplicating the information into another card for fraudulent purposes is called ‘skimming.

Small business owners need to be cautious of something called credit card ‘skimming’. It affects credit card holders, business owners, and merchants as well. It is very important to understand how ‘skimming’ works. First, let’s find out what exactly this skimming activity is all about.

Stealing account data from a credit card and duplicating the information into another card for fraudulent purposes is called ‘skimming.’ During active and legit transactions, card holders (and most of the times retailers too) are completely unaware that the card’s data is being stolen. A consumer walks into an ATM or a gas station and uses their credit card for withdrawal or for making a payment. And while a transaction is in process, all data (including account number) is transmitted electronically to another card reader. These tricky card readers are often carefully hidden and attached to the POS (point-of-sale) devices. Data from a legit credit card is mapped to another card, and soon that counterfeit card is prepared to be used anywhere in the world. Affected cardholders receive updates after the damage has occurred. This is a grim scenario.

HOW IS CREDIT CARD SKIMMING DONE?

Unauthorized card readers are attached in front of actual card reading slots of ATMs and other POS devices, at places like gas pumps or wherever credit card transactions are done. Credit card information is captured by these card readers as cardholders attempt to use the machines in front of them. There have been instances where skimming devices were found on the doorframe slots of ATM vestibules. Unsuspecting consumers dip their card into such rigged doorframe slots to open the door, and within a few seconds, their card information and account details get stolen.

Many times, the skimming devices capture information from ATMs while legit transactions are in progress. These devices can also be placed in the pinholes set for video cameras in ATM machines. And, at times, fraudsters can even use a secondary keyboard laid over the original keyboard to capture the card’s PIN (personal identification number).

Card skimmers either work alone or in groups. They usually befriend corrupt employees working in cafés, restaurants, and bars, etc.; or sometimes take a temp job at such places. Who will suspect a legit employee at these places while handing their credit card! The technique and strategy works well and has been successful for a long time.

Skimmers shrewdly conceal their skimming devices within or close to the POS equipment, and collate data as much as possible. There are handheld skimming devices too, which can be easily hidden in a pocket. Then, certain ‘gifted’ fraudsters are known to use sleight of hand for skillfully swiping a credit card, right under the nose of its cardholder. Skimmers use all sorts of ways to strip data from the magnetic stripes set behind credit cards. The stolen data opens door for illegitimate purchases which can be done online or in-person.

Often, such fraudulent transactions go undetected for a long while. Usually, cardholders realize the problem once they get their card’s monthly statement. Those consumers who don’t bother to regularly check the monthly statements find their cards utilized up to the worst limits. This is the reason why banks emphasize on reviewing credit card statements on a monthly basis, and ask for immediate reporting of suspicious transactions.

HOW FAR HAS THE SKIMMING ‘BUSINESS’ GONE?

According to a report pulled up in 2010, credit card skimming causes losses in the billions. In the U.S. alone, the approximate loss comes up to $8B annually! 80% of the frauds are conducted using ATMs.

Banks, merchants and government agencies have adopted many security policies and techniques to fight skimming. Still, a most recent report shows the loss of $2B due to financial data breaches – money stolen through credit and debit cards. Keep in mind that this figure does not include the losses borne by merchants. This amount is for cardholders only. If merchant losses are to be included, then the figure would shoot up to tens of billions… and that too in a year!

According to a research, data theft of credit cards in the U.S. is mostly perpetrated by organized gangs belonging to various countries. The research also mentioned that Eastern Europe seems to be a thriving market (black market) dealing in skimming equipment. And not just equipment; but of late, even financial data is brought and sold on a regular basis.

Agencies, responsible for apprehending skimmers, say that most of the times it becomes difficult for them to authenticate fraudulent transactions since many financial institutions maintain a discreet position when asked for an assessment. According to the concerned agencies, skimmers have also started strongly focusing on debit cards – a faster way to get hands on cash.

Frauds through debit cards (using PINs) have quintupled, given the banking industry data. Crooks are successfully managing to acquire debit card PINs through skimming and data-recording via ATMs.

WAYS TO PROTECT SMALL BUSINESSES FROM THE CLUTCHES OF SKIMMING

Many businesses have fallen prey to skimmers. Despite the measures you take, there are chances of your business becoming a victim of skimming. In such situations, there are security programs to safeguard your business from the disastrous impact of data breaches (physical and virtual).

These security programs are designed to help businesses handle the expenses occurring due to actual and suspected breaches. No matter what your business’s PCI compliance status is, expenses associated with data breach will be taken care of (as long as there’s no evidence of your involvement in the breach).

Usually, financial damages for small business incurred from data breaches escalates to the range of $25,000 to $50,000. In some situations, the damages can even exceed this range. Such losses can easily lead most small businesses to a permanent shutdown. But these disasters can be avoided by opting for data breach coverage tools, which are not only comprehensive but affordable too. Most security programs cover credit monitoring, card replacement costs and other relevant expenses. Many merchants are now shifting to EMV enabled billing instead of magnetic strips. EMV is much safer than magnetic strips, and can prevent huge losses. Customers also prefer EMV cards these days as they offer a safe transaction.

Don’t let issues like credit card skimming and data breaches affect your valuable business. Take the right and required measures as soon as you can.

EMV – the term is getting popular and you might have heard about it. It is considered as a safer option than “regular” magnetic strip credit cards.

What is EMV?

EMV stands for Europay, MasterCard, and Visa. It facilitates interoperation of cards that have an IC chip in them. EMV cards are replacing traditional credit and debit cards in many parts of the world.

How does it work?

EMV uses the code that is embedded in the chip on the card. Any typical EMV works in these steps:

• Contact: The cardholder touches the chip of the card to the reader. However, in contactless EMV, the user just has to wave the card in front of the reader (within a distance of 4cm).

• Encoding: The reader powers the chip, which allows it to access the encrypted information. This generates a cryptogram which is sent for verification to the processing host.

• Decoding: The host processor decodes the encryption and verifies the EMV, then it sends an authorization cryptogram that allows the transaction.

After the process has been done, the merchant verifies the signature of the card holder to validate the transaction.

The chip based EMV card system makes both offline and online card transactions more secure. EMV cards come with an IC chip that eliminates the magstripe swipe. It uses on-card encryption.

 

Advantages of the system

Besides Canada, countries in Europe and South America have already implemented the EMV system. EMV adopters in Europe saw a 67 percent decrease in card related fraud during the very first year of the implementation of the system. Participants in Canada have also reported similar success.

Meanwhile, there is a substantial increase in card related fraud in the US. The country has been slow to implement EMV. Needless to say; card frauds, identity thefts, and data security violations grabbed a lot of headlines in recent times.

Since internet based online payment systems are always under attack, we need stronger security measures. Any institution that hasn’t implemented the effective multifactor authentication method is at risk. Events like Target data breach further exposed the vulnerability of the existing system. Luckily, the situation is improving as more institutions have recognized the advantage of EMV.

EMV is being rolled out in the US, and will become the major card technology in the year 2015. Presently, about 1%-5% credit cards have EMV, and you should prepare yourself because the EMV adoption is going to skyrocket in the coming years. Last year; MasterCard, American Express, Visa, and Discover began to roll out the EMV rules. These rules have had an impact on transaction processors, merchants, issuers, and just about everything that is directly or remotely associated with the transaction.

EMV isn’t only about a card with a built-in chip. It is the technology that makes the difference. Since EMV will have an impact on the customer experience, all companies should develop a plan to implement it.

After the Target data breach, card processors are taking too long to issue new cards. Because of this long wait, more customers are now getting drawn towards the EMV chip.

Offer your customers a safe environment for financial transactions. More and more people will adopt EMV in the coming years. Are you ready for EMV enabled customers? Those who adopt the system early will have an edge over those who are late to the party.