Last week, we mentioned a rash of phony invoices that are being sent by companies alleging to help with EMV upgrades, along with some preliminary advice on how to be aware of whether skimmers were being placed on the POS devices at your business.
Skimmers are, unfortunately, popping up at gas stations, on ATMs, and even in in-store Point of Sale devices with increasing regularity, allowing fraudsters to “skim” the information in order to make cards of their own for fake purchases, and all-too-real withdrawals, before the accounts are canceled.
This week, we prevent some further tips on how to prevent skimmer placement, spot them if they’re there, and what to do if you find one:
- Keep a list of device locations, within the store itself (i.e., self-checkout, or self-serve counter, “regular” checkout lanes, etc.), and by store, if you have more than one.
- Maintain a list of serial numbers or other methods of unique identification fo the POS devices..
- Train employees to be aware of suspicious behavior and report any tampering or substitutions, and make sure the identity of anyone claiming to do repair or maintenance is confirmed, before they begin.
- Try to inspect all POS devices on a regular basis — perhaps even twice daily — and at random times, as well.
- Physically examine the device, when you do. Note that kimming devices are typically attached, quickly and usually loosely, with minimal adhesive, so often the “grab-and-pull” method can help you confirm a skimmer’s presence.
And if you do discover a POS device? Try to not to handle it too much, as it will probably be needed for evidence. Instead, contact local law enforcement, the FBI, or even the US Secret Service, to report the discovery.
Note that often the capture of PINs is part of the “skim scam,” so there may be a camera nearby, or even suspects, doing “live monitoring” of their devices. In which case you may want your own security personnel away at a more discrete distance, while you make your inspections, so they can, in turn, observe anyone “connected” to the devices.
Also, of course, notify your processor, like AVPS!, so we can also report it, and notify the card company as well.
For a handy PDF on further information on anti-skimming resources, you can go to this site set up by the PCI.
And may the only thing that gets skimmed this summer are the waves you ride at the beach!