POS Skimming—Bad News for Banks and Merchants

EFTPOS skimming has become increasingly prevalent over the past few years. EFTPOS skimming—which stands for “electronic funds transfers at the point of sale”—involves either replacing the self-swipe point of sale terminals at cash registers with devices that record credit and debit card data, or remotely hacking a retailer’s POS server.

In one such case, Romanian hackers are alleged to have remotely accessed hundreds of small businesses’ POS systems and stealing enough credit card data to rack up fraudulent charges totaling over $3 million. The hackers’ targets included more than 150 Subway restaurant franchises and at least 50 smaller retailers.

Officials report a wave of credit and debit card attacks, involving point of sale terminal swapping, data skimming, and hacking into payment processors. The U.S. Secret Service, for example, will not disclose details about specific cases, but confirmed, “they are conducting a multi-state, multi-country investigation into this string of crimes.”

Meanwhile, the Oklahoma Bankers Association has stated, “It is beyond apparent our bankers are taking great losses on these cards and we also need to explore creative ideas to mitigate these losses. It is in the best interest of retailers, bankers, processors and card providers to find ways to limit these losses so that debit and credit cards can remain a viable method of payment.”

When the use of these stolen credit cards go online, iovation’s ReputationManager 360 helps banks and online merchants avoid fraud losses by detecting high-risk behavior and stopping cybercriminals in their tracks. iovation’s device identification and device reputation technology assesses risk on activities taking place at various points within an online site such as account creation, logging in, updating account information, attempting a purchase, or transferring funds. These checks can be customized and fine-tuned to suit the needs of a particular business, detecting fraudulent and risky behavior in order to identify and block cybercriminals for good.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses POS skimming on CBS. Disclosures.