Card fraud is growing. At the root of the problem is skimming. This is a global challenge that impacts all types of card-reading machines, including ATMs and POS devices. The Secret Service estimates that in 2008 some $8.5 billion was lost as a result of skimming and phishing attacks.
A rash of attacks in Utah resulted in the compromise of 180 pay-at the-pump terminals with skimming devices and Bluetooth technology to transmit card data.When it comes to the ATM, the global financial industry has invested heavily in solutions to thwart skimming. Visa and MasterCard have mandated several security precautions, such as encrypting PIN pads and Triple DES compliance, to ensure ATM deployers adequately protect cardholder data.
But what about unattended self-service devices, which have proven to be much more vulnerable?
Case in point: The pay-at-the-pump terminal.
Pay-at-the-pump terminals are targets because they can easily be entered with universal gas keys. Once the terminals are opened, skimmers can be placed inside, away from view. In comparison, ATMs are required to have unique keys and codes for service and maintenance checks.
Let's be fair. Unless a skimming device is found, or law enforcement notifies a business that its terminals have been compromised, a typical merchant would never see the fraud. The cards are skimmed, duplicates are created, and the fake cards are used at ATMs, online and/or at retailers globally.
But does that free the merchant from bearing some of the responsibility?