Tag Archives: chip and pin

National Cyber Security Awareness Month – Beware of Skimmers!

Lets face it; technology is everywhere in our daily lives. So much so that we have gotten to the point where we use it without a thought. Hackers and thieves depend on a certain level of laziness to victimize people using card skimmers.

Everyday millions of Africans-Americans pull out their debit or credit card and swipe it. We swipe it for gas, food, clothes, medicine, every conceivable purchase. But are we aware of how vulnerable your money, and even your financial life, is when you swipe your card?

One of the most prolific, and easiest,  cyber crimes is the use of skimmers. A skimmer is a small device that is almost invisible to the naked eye. It is placed inside credit card readers. When you swipe your card through the reader the device records the information on your credit/debit card and transmits it to criminals. These skimmers can be found anywhere you use a credit card. The gas station, a convenience store or even an ATM. As I said already, spotting these little devices is very difficult. Sometimes the thieves will mount a skimmer over a card scanner. Sometimes they can gain access to the machine and mount the device inside. These cyber criminals are so good that they can even build skimmers with key pads that record your PIN and you would never know you were using it.

Newer credit and debit cards have what’s known as the EMV or chip and PIN cards. These are much more secure because they transmit transaction data encrypted. But those are not 100% secure either.

After they get your information they may decide to empty your bank account or max out your credit card on a  shopping spree. Its calledcard not present fraud.”

So how do you detect a card skimmer?

If you investigate the device you can sometimes spot a skimmer. Here are a few tips.

  1. Look for tampering. Check the device for any sign that it has been tampered with. Check top, bottom and both sides of an ATM. Check the card reader and the keyboard.
  2. Does it look right? Do you recognize it? If it is your bank ATM does it look different, such as a different color or material, graphics that aren’t quite correct or anything else that doesn’t look right. Be alert and paranoid about any machine. 
  3. If you’re at the bank and there is more than one ATM compare them. Look for obvious differences between the two? They should be identical.  If not alert the bank and police immediately.
  4. Check that  keyboard. Is it too thick? Is it loose or just does not look like it fits right? There may be a PIN-snatching overlay. Don’t use it.

    Fake ATM keypad

    5. Push, pull, jiggle everything. ATM’s are pretty sturdy so it should feel solid. Card skimmers and fake key pads are installed quickly and if you pull on one it may come off in your hand.

6. Another good practice is to hide your hand when entering your PIN. Some hackers use tiny cameras mounted above the ATM to record your PIN. Use one hand to cover the other when entering your PIN.

A card skimmer can be anywhere. You need to be alert and look for any signs that something is wrong. Be aware of gas pumps that might have been tampered with. This is a favorite hacker target. Why? Because they have a high volume of traffic and are not closely monitored. A good crook can install a card skimmer in seconds and come back for it in a few minutes having collected data from several cards. He may do this at several gas stations in a single day.

But the criminal may not come back for the skimmer at all. In the past skimmers had memory chips that required criminals to come back and retrieve the device. No more. The newest skimmers can transmit the information via Bluetooth or text message to the criminals computer. They can install the skimmer and record for hours. And you don’t have to build these devices. You can easily buy these devices on the web where they are sold openly.

But you can fight back. Your smartphone can detect these Bluetooth skimmers. When you arrive at a gas pump or any location using a self-serve card machine whip out your smartphone and  go to settings. Turn on the Bluetooth and have it search for sources. If a you see a string of suspicious numbers come up do not swipe your card in that pump or ATM. Report it to the police and store management immediately.

There are also apps that can detect skimmers. Skimmer Scanner is currently available for Android phones and it can detect the presence of a skimmer on a card swipe machine. The Skimmer Scanner app checks for nearby Bluetooth transmissions and alerts you when one is detected.

Now you know.

Pay-at-the-Pump Skimming on the Rise

gas pump skimmer tape

Security tape on gas pump card reader


Security experts are warning of a rise in skimming attacks at gas stations. Millions of
African-Americans use self-service gas pumps everyday and could be vulnerable to skimming attacks.

Skimming attacks are expected to rise significantly between now and the end of 2016 because of the change to the new EMV or PIN and Chip cards. Criminals are targeting self-service terminals at gas stations and ATMs because they are not yet using the new card technology.

Financial fraud expert Avivah Litan said, “Unattended, and especially older, self-service gas pumps are, and have always been, a very attractive target for criminals. And they will become increasingly attractive, as these will be some of the last payment acceptance devices to be upgraded to EMV in the U.S.”

Although the EMV fraud liability shifted for physical point-of-sale devices in the U.S. this past October, the liability shift for self-service gas pumps does will not be implemented until October of 2016 for MasterCard and October 2017 for Visa. October 2017 is also the date set by both card brands for EMV fraud liability shifts at U.S. ATMs.

Experts have been expecting a shift in card fraud as a result of the new EMV cards. They are warning consumers and retailers that gas stations and convenience stores should at least require customers to use their zip codes to authorize payments. This practice dramatically reduces card fraud.

Security executives are warning retailers to step up physical security at the pumps to reduce the opportunity for criminals to install skimmers.   “To place the device on the pump, the fraudster needs access to inside the pump door, so from my perspective, better physical security is needed,” the executive says. “From some of the devices we have seen placed, they are on the pumps for several days, if not a few weeks; and in cases of Bluetooth or Wi-Fi enablement, to download the data, the devices may be left on longer, as to not risk capture or removal.”

To avoid gas pump skimmer follow these steps;

  • Examine the card slot closely. Wiggle or tug on the slot to make sure it is secure.
  • Check security seal on the card slot.
  • Look for signs of tampering such as broken lock on the cover.
  • Use cash whenever possible.
  • Use a credit card rather than a debit card.
  • If you must use a debit card select the option on the screen that allows you to have your debit card purchase processed as a credit card transaction.  Don’t use your PIN  which is what the bad guys need to withdraw cash from your account at an ATM.
  • As always monitor you bank account and card transactions closely.

Now you know.

 

 

EMV is Coming! EMV is Coming!

chipcardOctober is EMV card month. And what is EMV? Currently there are 1.96 billion credit cards in circulation and they are about to change. Black people all over America are walking around with a credit or debit card in their purse or wallet. So we need to know and understand what EMV is and how it will change the landscape of credit card use starting in October. So lets get started.

First of all next month the way you use your credit or debit card will change. The first thing that will change is the card itself. America is the last major market on earth to switch to the chip embedded card. Why? The short answer is laziness, stupidity or ignorance by all involved. If you have not already received your chip embedded card now is the time to call your bank or card provider and ask when you should expect it.

The new card is called the EMV which stands for  Europay MasterCard VISA after the people who invented it. The first noticeable difference in the new card will be the chip, which is the small silver or gold chip embedded in the front of the card. Because of this chip the card should be more secure than the current magnetic stripe card you may still be carrying. Magnetic stripe cards save static payment data that can be copied, stolen or skimmed from one card and put onto another. This duplicate card data is then used to make all kinds of fraudulent purchases. Magnetic strip cards are simply outdated and notoriously insecure. The EMV technology adds a layer of security to the payment process.

EMV card readerf

EMV Card Reader

The EMV card works a little differently. The chip you see on your card has encrypted data. EMV card readers can read that data. Each purchase made with an EMV card creates a individual code unique to that particular purchase. If a hacker got a hold of that code he would not able to use it. You should be seeing the card readers in stores already. Once you slide your card into the reader, no more swiping, powerful cryptographic functions validate the authenticity of the card and cardholder. Bottom line is the encryption makes it extremely difficult to create a duplicate or fake card. But keep in mind that the magnetic strip is not likely to disappear from cards. Many small merchants will continue to use the old style card reader.

When you pay using the EMV card reader your card is instantly identified as being authentic by a process called dynamic authentication. When used with a PIN, the chip proves that the customer is paying with his or her own card.

Another change coming in October is the liability shift. A liability shift means that the responsibility for credit card fraud shifts slightly from just the card issuer to a shared liability of both the issuer or merchant that doesn’t use EMV technology. This change provides both parties with an incentive to adopt the technology. However it is not required that either party switch to the new technology. Why? Lets keep this as simple as possible; some issuers and merchants may still feel it is cheaper to take a loss on card fraud than to invest in the new technology. Is that simple enough for you?

NerdWallet’s Sean McQuay, a credit card expert and former VISA strategy analyst says, “EMV is a powerful tool, but it’s only effective if both consumers and merchants are ready to use it for transactions. Consumers need chip cards and merchants need chip readers. If only one side has upgraded to EMV for a specific transaction, then the upgrade was a waste.”

But will EMV solve all of our card security concerns? Probably not. This new technology is great but not perfect.

For example; in person transactions would definitely be more secure. Not so with thecard not presenttype of transaction such as purchases by phone or online. Using your card at the gas pump will continue to be dangerous since gas pumps aren’t required to implement the new technology until 2017. So this type of fraud is expected to increase.

So learn to protect yourself. Hackers are going to be going after those store that don’t use the new EMV card and card readers. That’s the first place you are vulnerable. Avoid those stores whenever possible by keeping a little extra cash in your pocket. And demand the new card from your bank or issuer. If they have decided not to go with the new technology then you may want to got with an institution that does.When shopping online avoid unfamiliar or unsecure websites. When you see “https” at the beginning of the payment page’s URL that means it is a secure payment site. Avoid it if you only see “http.” Change your user name and password regularly if you store your card information with any online retailers. Avoid sending credit card information via email or social media. 

Finally, criminals work hard too steal your money. The technology arms war n isever ending and hackers have already developed methods for hacking the EMV cards. Read on!

Here is more of what you need to know about the new EMV card technology.

Federal Reserve say Chip and Signature Not Enough.

Bad Guys Already Compromising Chip and PIN Cards

Now you know.

Video: Avoid Credit Card Fraud

Life is good. You have great dinner and whip out that credit card to pay for it. That sexy watch at the mall; break out that card. And of course drinks with the boys. All these purchases require you to surrender your card to a stranger for just a few minutes and in that few minutes you may get ripped off.

Credit card fraud is a fast growing crime that is very profitable. American credit cards are easy to duplicate because they only have a magnetic strip. Unlike European cards that have a chip embedded in them. Thats coming to the U.S soon but until then focus on protecting yourself.  Welivesecurity.com provides this excellent video to educate you on how to avoid credit card fraud.