PCI Council Releases Recommendations For Preventing Card-Skimming Attacks
New best practices are aimed at helping retailers -- especially small
merchants -- but security experts say skimming risk runs deeper By Kelly Jackson Higgins | DarkReading
The PCI Security Standards Council (PCI SSC) today unveiled best
practices for retailers to defend themselves against the growing number
of credit- and debit-card skimming scams.
To skim through it, click Skimming Prevention: Best Practices for Merchants (Word Document)
Skimming credit- and debit-card data is becoming a popular way
for cybercriminals to steal credit and debit card account numbers and
execute financial fraud against grocery stores, gas stations, convenience stores, and other retailers and their customers,
who are increasingly falling victim to hijacked card readers and ATM
machines. Skimming occurs either by a malicious insider at the retail
point-of-sale capturing the customer's card data, or more commonly by
someone physically rigging a reader with a sniffer-type device to
capture the data, which is then transmitted to the bad guys remotely.
"Skimming is becoming a widespread problem. These are guidelines for
what retailers should be looking at" with their reader devices, says
Bob Russo, general manager of the PCI SSC. "We discuss different
techniques for protecting those point-of-sale devices." But security experts say the council's skimmer protection
guidelines are more a symptom of the already-broken system of credit
and debit cards.
"The concept of a 'credit card' as it exists today is
the problem: If credit cards were cryptographic devices rather than
just numbers, then none of these threats would be a problem," says
Chris Paget, a security researcher.
"The technology exists to implement
this today and to completely eliminate credit card fraud, but it seems
there's too much money being made from fraud for the card issuers to
care."
Editor's Note: C'mon...really? I don't think that's fair. They care or they wouldn't be running advertisements and attaching rewards programs to signature debit. The fact that signature debit is 15 times more likely to be fraudulent is only a coincidence isn't it? In the Visa ad below, they are advertising their Debit card down under by saying... Just Remembah to Poosh the Credit Button" (talk about skimming...)
Continue Dark Reading