PIN pad skimming is one of the most ingenious and costly forms of card-based fraud. Whether used on an ATM or on a point-of-sale (POS) terminal, the basic con is the same:
- Step 1: The criminal installs a hidden recording device that’s able to read the magnetic stripe on the back of credit and debit cards.
- Step 2: The thief also installs a fake keypad overlay that looks and feels exactly like the terminal’s real keypad.
- Step 3: Customers swipe their plastic and key in their PINs — not knowing that the POS reader or ATM slot has been compromised.
- Step 4: The criminal returns later to uninstall the skimming gadgets and transfer all the stolen data to his or her computer. Some thieves can even wirelessly transmit the information without making a return trip.
The beauty of POS skimming is that it is very difficult for customers or merchants to know when a card reader has been altered. PIN pad skimming devices have been discovered nearly everywhere, including at some of the biggest and most trusted retailers — from Walmart to Safeway.
The problem has become so bad that PIN pad skimming is responsible for an estimated $2 billion in annual losses. With absent major security upgrades by banks, retailers and the card industry, those numbers will likely grow.
Protecting Yourself From PIN Pad Skimming?
There was a time when you could easily detect POS skimmers or tampered ATMs. The attachments were visibly clunky, and you could loosen them with a gentle nudge. Yet today's technology is far more sophisticated — as this video illustrates. Even jostling a terminal won't necessarily reveal any foul play.
However, it’s possible to significantly reduce your exposure to this common fraud.
PIN pad skimming relies heavily on magnetic stripe technology, but by using EMV (Europay, MasterCard and Visa) credit cards and readers, you and your customers benefit from an extra layer of security. This is because these newer forms of plastic come with embedded chips that are very difficult to clone or steal. To make a purchase, the customer must “dip” (not “swipe”) the security chip into the EMV reader, making it much harder for compromised terminals to capture any data.
Even if a fraudulent reader could read the chip, the data would be meaningless. This is because EMV cards use dynamic single-use values for each transaction.
In markets that have already adopted EMV technology, in-store retail fraud has plummeted. From 2004 to 2012, for example, the United Kingdom witnessed brick-and-mortar card-based fraud decrease by 75 percent.
However, there’s a catch:
Most EMV credit cards still come with magnetic stripes that allow them to be swiped on older terminals. Any time EMV plastic is used on a legacy reader, there is the potential that hard-coded account information can be stolen.
To protect yourself, you should avoid merchants that haven't upgraded to an EMV reader. Unfortunately, this is sometimes easier said than done. According to some estimates, only 20 percent of stateside POS terminals are EMV-ready. You may want to use cash instead — preferably withdrawn from a bank teller and not an ATM.
How BluePay Can Help Protect Your POS System From Skimmers
At BluePay, we specialize in payment security and fraud protection. To reduce your exposure to PIN pad skimming, we can help update your payment environment to the more secure EMV standard. We can also help you integrate near field communication (NFC) technology that will allow you to accept Apple Pay, Android Pay and other contactless payment methods.
To learn more about our secure payment solutions for retailers and POS cashiers, contact us today for a free consultation.