Don’t get pwned – Six Things you might not know about Card Skimming

Wed, Jan 13, 2010


One of the hats I wear, in fact the one I wear most often, is as a security analyst for a company that specializes in credit card fraud prevention. As a part of my job I get to hear some pretty interesting stories around what goes on out there in baddy-land.

This recent Christmas has seen an unprecedented spike in skimming fraud, including several major retailers and shops being targeted by the baddies.

Here are a few things that you might not know, but might like to know, about credit card skimming.

1. When the ATM tells you to cover the keys with your hand as you enter your PIN, it’s not because of the person standing behind you. For a skim to be successful, a fraudster needs a copy of the magnetic stripe and your PIN. With ATM skimming, what typically happens is that a camera is mounted either in the bezel above the ATM pinpad, on the side of the enclosure, or nearby. When you cover the pinpad with your hand you decrease the risk of a successful skim. In fact, this measure alone would prevent a very large proportion of skimming attacks originating from ATMs.

2. Banks will never mount a brochure holder next to an ATM. This is one of the most popular areas for hiding a camera to capture PINs.

3. Handheld pinpads are taking over from ATMs as the most popular attack points. I’m talking about the ones you hold in your hand at the checkout, for example. Typically, a fraudster will come in dressed as a repairman or someone plausible and let the cashier know that they are taking the pinpad away for repairs. They will then either swap the pinpad with one that has been fitted with skimming devices, or take it away and return it once it has been fitted. Fraudsters are opening the case and fitting tiny magnetic readers where the magnetic stripe goes into the pinpad, as well as contact pads under the numbers to capture the PIN. These feed a small Bluetooth transmitter which sends the captured details wirelessly out into the parking lot. Next time you use a handheld pinpad, consider whether it a) is secured to the base station with a bike cable or similar (if it isn’t, take a look and see for yourself just how easy it is to remove the thing) and b) shows no signs of tampering.

4. Signing is safer than PIN. Referring to the point above… If you pay by credit card and sign instead of using a PIN, the worst case scenario is that a fraudster will copy the magstripe and create a phony card. If you authorize with a PIN, your card and your account are pwned.

5. The chip in your card is currently fraud free – if you use it. At the moment the chip technology that is being phased in is not susceptible to skimming because of various cryptographic features. The problem is that because of the need for backwards compatibility it will be a long while before the magnetic stripe (which is susceptible to skimming) disappears completely. As an interesting aside, magstripe-based credit card skimming in Australia has increased by more than 400% since the chip cards began being phased in. Ask your merchant to use the chip instead of the stripe.

6. Do your banking at the banks. The most popular ATMs for skimming are the little ones you find in the back of a convenience store, or hidden in a side alley or in a pub. The safest place to do your banking is out the front of banks themselves – their ATMs are always under surveillance. Shopping centers and main roads are considered safe, but the question I always ask myself is “do the people who can see this ATM know the difference between a bank employee and a fraudster…?” Typically no. The banks are the safest place to bank.

7. Know your risk. The issue with credit card fraud and bank fraud is not so much that you lose your money – 99% of the time the bank investigates and returns the funds out of their insurance coffers. The issue is this – “if you were suddenly down $5,000, and didn’t get the money back for 3 or 4 months, what position would that put you in?” Banks do pay out, but they take a LONG time to do it. I was defrauded whilst on holidays many years ago and it took 5 months to get the funds back. The unfortunate fact is that many people I know would go personally bankrupt if $5k suddenly dropped out from under them for any period of time. The best way to minimize this risk is to “silo” your cash – create a bank account or a credit card with a balance or a limit that would minimize the impact of fraud. Transfer money into it as you need to spend it.

So to sum up, here are the things you should remember:

1. Cover up for the cameras.

2. Beware the brochure box.

3. Skimming isn’t just ATMs

4. Sign not PIN

5. Chip not stripe

6. Bank at the bank

7. Silo your risk.

I hope this is helpful. If you have any of your own tips, or if you or someone you know has been duped, please share in the comments section; I’d be keen to hear it.


3 Responses to “Don’t get pwned – Six Things you might not know about Card Skimming”

  1. zz Says:

    Thanks for this Case, very handy and timely info!

  2. Tim Oakley Says:

    I had a suspicious transaction on my card once. Rang the bank and straight away they credited my credit card the amount pending an investigation. With my card the transaction is guilty until proven innocent. Needless to say I was impressed.

    Funny ending is though that it was my transaction I just didn’t recognise the strange reference. So I called back and got the charge put back on my card.

    Check the terms and conditions for how your bank handles credit card fraud.
