Secure the Pin Pad
Another dimension of skimming is when rogue employees or others with access retrofit skimmers to legitimate ATMs, gas pumps, grocery/department store checkout machines, restaurants and other places where users swipe their credit cards. Here, the perpetrator places a device over the card slot to read the magnetic strip as the user or an employee passes the card through it. A miniature camera inconspicuously attached nearby reads the user's PIN at the same time
To prevent such types of skimming, establishments should take care to secure their pin pad physically. Ways to do so include:
- Inspecting the pin pad for signs of any tampering at the start and end of each shift.
- Checking the serial number of the pin pad daily to see if someone has changed the entire pin pad itself. The unregulated sale of pin pads gives skimmers ample scope to install their own pin pad and transmit the data via wireless avenues.
- Physically securing the pin pad to a stand, securing endpoints, and concealing the cables. All these make tampering difficult. Treat the pin pad like cash, and place it under the counter or out of sight.
- Move to chip and pin. Skimming bases itself on capturing the magnetic swipe, and does not work with a fully authenticated chip transaction.
The ordinary card holder, especially one who uses the card frequently might find it difficult to identify where the skimming has taken place, but the card issuer collates the complaints received to detect a pattern and identify the source of the skimming easily. The penalties for merchants can be severe, and may extend to exclusion from the system and criminal charges, even if the fault lies with a rogue employee and not the merchant per se. As such, no measure your business can take to help prevent credit card skimming is a wasteful expenditure.
Lastly, certain businesses and organizations may be subject to the Federal Trade Commission's (FTC) Red Flag rules - learn more about Red Flag Rules here.