Consumer Credit Card Data Hacked With Walmart SkimmersMiCamp Solutions
Card skimmers were found earlier this year at Walmart self-checkout lanes in Virginia and Kentucky. These skimmers fit over Ingenico iSC250 terminals and capture magnetic stripe and PIN pad data. The overlay is easily overlooked by both merchants and consumers because it is only subtly different than the real device.
However, Ingenico has produced a tutorial to help spot this specific skimmer. When the device has a skimmer attached, the device is larger than normal, the PIN pad backlight is blocked, and the attached stylus holder is blocked.
While EMV is designed to prevent fraud at the point-of-sale (POS), magnetic stripe data will continue to be targeted while consumers and merchants make the transition to the new EMV technology. The number of consumers with chip cards and the number of merchants accepting EMV transactions is increasing every day, but payments across the country are still processed with magnetic stripe.
Criminals are trying to steal as much money with skimming devices as they can, before skimming becomes less lucrative. “I think what we’re seeing is an indication it’s imperative we make the change,” said Doug Johnson, senior vice president of payments and cybersecurity at the American Bankers Association. “Criminals are realizing it’s a window that’s going away, and we need to make sure it does go away.”
Consumers can help protect themselves by attempting to pay using their chip first, and only swiping their card through the reader if instructed to by the merchant. Consumers should check for obvious signs of tampering. If the terminal seems different (e.g., using odd colors or materials, graphics not aligned correctly, spelling errors on the buttons, etc.), don’t use it. “Even if you can’t see any visual differences, push at everything,” Stefan Tanase, a security researcher at Kaspersky Lab, advises. “ATMs are solidly constructed and generally don’t have any jiggling or loose parts. Credit card readers have more variation, but still: Pull at protruding parts like the card reader. See if the keyboard is securely attached and just one piece. Does anything move when you push at it?”
Merchants can protect both themselves and their customers from skimming attacks like these by ensuring that they are using EMV-compliant payment terminals and by regularly checking their terminals for signs of tampering. Hire reputable companies to service or repair your terminals and inspect those terminals regularly. Criminals will frequently target terminals that are in low-traffic areas or in areas that are difficult for employees to keep an eye on (e.g., gas station pumps closer to the street and farthest away from the attendant). Inform your employees when you’re upgrading or repairing terminals – if someone approaches an employee claiming to be with a POS company for repairs or upgrades, your employees should be able to consult a vendor schedule to determine if the service is legitimate.
Securing your business against scammers and criminals may seem difficult – but it doesn’t have to be. Contact MiCamp today to learn how you can better protect your business, and your customers, from a data breach.