Scam Alert, Pt. II: How to Protect Against Skimmers
Last week, we mentioned a rash of phony invoices sent by companies alleging to help with EMV upgrades, along with some preliminary advice on whether skimmers were being placed to protect against skimmers on the POS devices at your business.
Skimmers are, unfortunately, popping up at gas stations, on ATMs, and even in in-store Point of Sale devices with increasing regularity, allowing fraudsters to “skim” the information to make cards of their own for fake purchases, and all-too-real withdrawals before the accounts are canceled.
This week, we prevent some further tips on how to avoid skimmer placement, spot them if they’re there, and what to do if you find one:
1. Keep a list of device locations
Within the store itself (i.e., self-checkout, or self-serve counter, “regular” checkout lanes, etc.), and by store, if you have more than one.
2. Maintain a list of serial numbers or other methods of unique identification
For the POS devices.
3. Train employees to be aware of suspicious behavior
report any tampering or substitutions, and make sure the identity of anyone claiming to do repair or maintenance is confirmed before they begin.
4. Regularly inspect all POS devices
Try to inspect all POS devices regularly — perhaps even twice daily — and at random times, as well.
5. Physically examine the device
When inspecting, use the “grab-and-pull” method to confirm the presence of a skimmer.
Protect Against Skimmers: If You Do Discover a POS Device?
Try not to handle it too much, as it will probably be needed for evidence. Instead, contact local law enforcement, the FBI, or even the US Secret Service, to report the discovery.
Note that often the capture of PINs is part of the “skim scam,” so there may be a camera nearby, or even suspects, doing “live monitoring” of their devices. In which case you may want your security personnel away at a more discrete distance, while you make your inspections, so they can, in turn, observe anyone “connected” to the devices.
Also, of course, notify your processor, like AVPS!, so we can also report it, and notify the card company.
You can contact us right now if you’d like more information on “skim protection,” becoming EMV compliant, or anything else.
For a handy PDF with further information on anti-skimming resources, you can go to this site set up by the PCI.
And may the only thing that gets skimmed this summer are the waves you ride at the beach!