
News

New PCI best practices aim to help retailers, but security experts say POS, ATM skimming risks will continue

August 25, 2009

In the wake of the Heartland-hacker nab, the Payment Card Industry Security Standards Council has unveiled new best practices for retailers that aim to help merchants defend themselves against the growing number of credit- and debit-card skimming scams.
 
According to an article in DarkReading, skimming is a growing problem for grocery stores, gas stations, convenience stores and other retailers and their customers, who are increasingly falling victim to compromised POS devices and ATMs.
 
Bob Russo, the general manager of the council, says skimming is a widespread problem:
"These are guidelines for what retailers should be looking at with their reader devices. We discuss different techniques for protecting those point-of-sale devices."

But Chris Paget, a security researcher who himself fell victim to an ATM-skimming attack at the recent DefCon conference in Las Vegas, tells DarkReading that skimming attacks are a symptom of an already-broken system of credit and debit cards:
"The concept of a 'credit card' as it exists today is the problem. If credit cards were cryptographic devices rather than just numbers, then none of these threats would be a problem. The technology exists to implement this today and to completely eliminate credit card fraud, but it seems there's too much money being made from fraud for the card issuers to care."

Paget says the PCI guidelines neglect to address two areas of potential fraud: a malicious merchant stealing the data, and equipment that is tampered with at the factory:
"If the person you give your card to at a restaurant has their own card skimmer, you're just as vulnerable. (And the guidelines) do not address the case of legitimately purchased equipment that was tampered with at the factory, nor the case of a software-only addition to an ATM or card reader."

The PCI Council's "Skimming Prevention: Best Practices for Merchants" guidelines include a risk assessment questionnaire and self-evaluation forms to help retailers gauge their risk. The guidelines detail how to identify a rigged reader and what to do about it.

©2025 Networld Media Group, LLC. All rights reserved.