POS Skimming: Bad News for Banks and Merchants

Tuesday, June 12, 2012

Robert Siciliano

37d5f81e2277051bc17116221040d51c

EFTPOS skimming has become increasingly prevalent over the past few years.

EFTPOS skimming—which stands for “electronic funds transfers at the point of sale”—involves either replacing the self-swipe point of sale terminals at cash registers with devices that record credit and debit card data, or remotely hacking a retailer’s POS server.

In one such case, Romanian hackers are alleged to have remotely accessed hundreds of small businesses’ POS systems and stealing enough credit card data to rack up fraudulent charges totaling over $3 million.

The hackers’ targets included more than 150 Subway restaurant franchises and at least 50 smaller retailers.

Officials report a wave of credit and debit card attacks, involving point of sale terminal swapping, data skimming, and hacking into payment processors.

The U.S. Secret Service, for example, will not disclose details about specific cases, but confirmed, “they are conducting a multi-state, multi-country investigation into this string of crimes.”

Meanwhile, the Oklahoma Bankers Association has stated, “It is beyond apparent our bankers are taking great losses on these cards and we also need to explore creative ideas to mitigate these losses. It is in the best interest of retailers, bankers, processors and card providers to find ways to limit these losses so that debit and credit cards can remain a viable method of payment.”

When the use of these stolen credit cards goes online, services like iovation’s ReputationManager 360 helps banks and online merchants avoid fraud losses by detecting high-risk behavior and stopping cybercriminals in their tracks.

Device identification and device reputation technology assesses risk on activities taking place at various points within an online site such as account creation, logging in, updating account information, attempting a purchase, or transferring funds.

These checks can be customized and fine-tuned to suit the needs of a particular business, detecting fraudulent and risky behavior in order to identify and block cybercriminals for good.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses POS skimming on CBS. Disclosures.

Possibly Related Articles:
15716
PCI DSS
Banking
fraud PCI DSS Banking Cyber Crime Skimming hackers Device Reputation Merchants EFTPOS
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.