The holiday season is officially here and many people have already started their gift shopping. The National Retail Federation estimates the average American spends $700 on holiday gifts, which amounts to more than $465 billion. With the large increase in shopping trends, we tend to see an increase in fraudulent activity as well.
You may have heard of Skimmers, devices that swipe and read the magnetic strip on credit cards. Skimmers are attached to the outside of the card reader and are quite bulky and easy to spot. Unfortunately, hackers have moved on to a newer technology; Shimmers are the latest threat to credit card security at ATMs. Shimmers are paper-thin card-sized shims embedded with a microchip that is not easily detected. Weeks, and even months, can go by without the Shimmers being noticed. They sit between the chip reader in the ATM and the chip on the card, so when a customer’s card is inserted, the shimmer records the data on the chip while allowing the ATM to function as normal.
Fortunately for cardholders, these devices will only work if the issuer neglects to check the CVV when authorizing the transaction. Chip-enabled cards have additional security components to help protect against card cloning. The iCVV, or integrated circuit card verification value, is one of those security mechanisms. The information that is collected by a Shimmer cannot be used to recreate a chip-based card, but it can be used to clone a magnetic stripe card. In other words, as long as merchants adopt the EMV chip card terminal, the use of the Shimmer device will not be successful.
What can you do to protect cardholder data?
When it comes to payments, the merchant is responsible for protecting the cardholder’s information. As a merchant, you should…
- Check your card readers daily for any kind of tampering that may occur.
- Compare the name on the customer’s credit card with the name on the POS receipt instead of their ID. If the names do not match, it is very possible that it is fraudulent.
- Immediately remove any card readers that have broken seals, loose screws, or any other kind of evidence that shows it may have been tampered with.
For more information on skimming, check out this post by the PCI Security Standards Council: https://blog.pcisecuritystandards.org/be-aware-skimming?
Have a happy and prosperous holiday season knowing that your customer’s payment data is secure and that you have reduced your risk of a security breach. For more information on Nodus’ solutions and partnerships, please reach out at 909-482-4701 or firstname.lastname@example.org.