Tag Archives: EMV Chip

National Cyber Security Awareness Month – Beware of Skimmers!

Lets face it; technology is everywhere in our daily lives. So much so that we have gotten to the point where we use it without a thought. Hackers and thieves depend on a certain level of laziness to victimize people using card skimmers.

Everyday millions of Africans-Americans pull out their debit or credit card and swipe it. We swipe it for gas, food, clothes, medicine, every conceivable purchase. But are we aware of how vulnerable your money, and even your financial life, is when you swipe your card?

One of the most prolific, and easiest,  cyber crimes is the use of skimmers. A skimmer is a small device that is almost invisible to the naked eye. It is placed inside credit card readers. When you swipe your card through the reader the device records the information on your credit/debit card and transmits it to criminals. These skimmers can be found anywhere you use a credit card. The gas station, a convenience store or even an ATM. As I said already, spotting these little devices is very difficult. Sometimes the thieves will mount a skimmer over a card scanner. Sometimes they can gain access to the machine and mount the device inside. These cyber criminals are so good that they can even build skimmers with key pads that record your PIN and you would never know you were using it.

Newer credit and debit cards have what’s known as the EMV or chip and PIN cards. These are much more secure because they transmit transaction data encrypted. But those are not 100% secure either.

After they get your information they may decide to empty your bank account or max out your credit card on a  shopping spree. Its calledcard not present fraud.”

So how do you detect a card skimmer?

If you investigate the device you can sometimes spot a skimmer. Here are a few tips.

  1. Look for tampering. Check the device for any sign that it has been tampered with. Check top, bottom and both sides of an ATM. Check the card reader and the keyboard.
  2. Does it look right? Do you recognize it? If it is your bank ATM does it look different, such as a different color or material, graphics that aren’t quite correct or anything else that doesn’t look right. Be alert and paranoid about any machine. 
  3. If you’re at the bank and there is more than one ATM compare them. Look for obvious differences between the two? They should be identical.  If not alert the bank and police immediately.
  4. Check that  keyboard. Is it too thick? Is it loose or just does not look like it fits right? There may be a PIN-snatching overlay. Don’t use it.

    Fake ATM keypad

    5. Push, pull, jiggle everything. ATM’s are pretty sturdy so it should feel solid. Card skimmers and fake key pads are installed quickly and if you pull on one it may come off in your hand.

6. Another good practice is to hide your hand when entering your PIN. Some hackers use tiny cameras mounted above the ATM to record your PIN. Use one hand to cover the other when entering your PIN.

A card skimmer can be anywhere. You need to be alert and look for any signs that something is wrong. Be aware of gas pumps that might have been tampered with. This is a favorite hacker target. Why? Because they have a high volume of traffic and are not closely monitored. A good crook can install a card skimmer in seconds and come back for it in a few minutes having collected data from several cards. He may do this at several gas stations in a single day.

But the criminal may not come back for the skimmer at all. In the past skimmers had memory chips that required criminals to come back and retrieve the device. No more. The newest skimmers can transmit the information via Bluetooth or text message to the criminals computer. They can install the skimmer and record for hours. And you don’t have to build these devices. You can easily buy these devices on the web where they are sold openly.

But you can fight back. Your smartphone can detect these Bluetooth skimmers. When you arrive at a gas pump or any location using a self-serve card machine whip out your smartphone and  go to settings. Turn on the Bluetooth and have it search for sources. If a you see a string of suspicious numbers come up do not swipe your card in that pump or ATM. Report it to the police and store management immediately.

There are also apps that can detect skimmers. Skimmer Scanner is currently available for Android phones and it can detect the presence of a skimmer on a card swipe machine. The Skimmer Scanner app checks for nearby Bluetooth transmissions and alerts you when one is detected.

Now you know.

Pay-at-the-Pump Skimming on the Rise

gas pump skimmer tape

Security tape on gas pump card reader

Security experts are warning of a rise in skimming attacks at gas stations. Millions of
African-Americans use self-service gas pumps everyday and could be vulnerable to skimming attacks.

Skimming attacks are expected to rise significantly between now and the end of 2016 because of the change to the new EMV or PIN and Chip cards. Criminals are targeting self-service terminals at gas stations and ATMs because they are not yet using the new card technology.

Financial fraud expert Avivah Litan said, “Unattended, and especially older, self-service gas pumps are, and have always been, a very attractive target for criminals. And they will become increasingly attractive, as these will be some of the last payment acceptance devices to be upgraded to EMV in the U.S.”

Although the EMV fraud liability shifted for physical point-of-sale devices in the U.S. this past October, the liability shift for self-service gas pumps does will not be implemented until October of 2016 for MasterCard and October 2017 for Visa. October 2017 is also the date set by both card brands for EMV fraud liability shifts at U.S. ATMs.

Experts have been expecting a shift in card fraud as a result of the new EMV cards. They are warning consumers and retailers that gas stations and convenience stores should at least require customers to use their zip codes to authorize payments. This practice dramatically reduces card fraud.

Security executives are warning retailers to step up physical security at the pumps to reduce the opportunity for criminals to install skimmers.   “To place the device on the pump, the fraudster needs access to inside the pump door, so from my perspective, better physical security is needed,” the executive says. “From some of the devices we have seen placed, they are on the pumps for several days, if not a few weeks; and in cases of Bluetooth or Wi-Fi enablement, to download the data, the devices may be left on longer, as to not risk capture or removal.”

To avoid gas pump skimmer follow these steps;

  • Examine the card slot closely. Wiggle or tug on the slot to make sure it is secure.
  • Check security seal on the card slot.
  • Look for signs of tampering such as broken lock on the cover.
  • Use cash whenever possible.
  • Use a credit card rather than a debit card.
  • If you must use a debit card select the option on the screen that allows you to have your debit card purchase processed as a credit card transaction.  Don’t use your PIN  which is what the bad guys need to withdraw cash from your account at an ATM.
  • As always monitor you bank account and card transactions closely.

Now you know.



Black Consumers; Is Cash a Safer Option?

Courtesy of cooldesign

Courtesy of cooldesign

Is it time to go back to cash? In this age of technology and electronic payments the value of money has not changed. However the vulnerability of money has increased exponentially. I say it all the time but you’re about to hear it again; Black people don’t play when it comes to money! So again I ask; Is it time to go back to cash?

At least one nation is considering the move to a completely cashless economy. Denmark is about to become the world’s first cashless nationThat nation’s government is pushing to free some stores, restaurants and gasoline stations from accepting cash payments at all. The government is hoping to get rid of the option to pay by cash by as early as 2016.

But is that a wise move? That is Europe not the U.S. And the potential for fraud is just as great there as it is here. So why do it?

Danish banker association, Finansraadet, claims that going cashless would save retailers money on security, in addition to time when counting money at the end of the day. But is that saving enough? Has the electronic payments systems become secure enough to make this move safe?

Maybe not.  There is fear that with electronic transactions, the risk of fraud will also rise. Those opposed to the cashless economy have cited the unfortunate case of  another European nation, Sweden. That nation has the highest number of bank transactions per person in the European Union. That nation has also seen fraud double in the past 10 years.

Last year, Juniper Research forecast that payments by smartphone would hit 9.9 billion by 2018, with one in five phones acting as digital wallets. But is that the right move for American consumers, or African-American consumers?

Black consumers possess buying power in $1 trillion dollar range. We have the ability to affect the U.S. economy with our buying choices and spending practices.  Is moving to cash a way to send a message to both the retail and technology sectors? Can we demand better security? We should.

But lets be real for a minute. We have seen that the use of electronic payments is only marginally safe in the U.S. We have extreme problems protecting our electronic payment system as seen by hacks at Target, Home Depot and most recently Sally’s Beauty Supply. The math of the situation is not on the side of the consumer. And executives of the payments and retail industry do the math. What math? The math that tells them that it is still cheaper to pay off fraud claims than it is to invest in safer technology and systems to protect our money. The AACR has written about this before.

Like most consumers black people patronize small businesses. And although we hear a lot about the really big data breaches we don’t hear too much about the small ones. Small businesses are probably more vulnerable to data theft than larger companies. It is estimated that for every major data breach that hits the news there are dozens, even hundreds, of smaller breaches that are rarely heard of. According to the National Small Business Association , 44 percent of all small businesses have experienced a cyber attack, with the average cost of the incident costing just less than $9,000. That’s nearly half of all small businesses. Did you hear about the data breach at the bakery down the street? Probably not but your payment information may have been lost. Did they report it? Do they even know they were hacked?

Another danger to electronic payment is the infamous card reader or skimmer fraud. Card skimmers are nearly invisible devices that attach to ATM’s, gas pumps and other places where you swipe your card for self service purchases. The skimmer records your card data and PIN number for cyber thieves. Card skimming is a major problem in the U.S. and around the world. Estimates of funds stolen has reached into the tens of millions of dollars in the U.S. alone.

Is cash the answer? Can it make some commerce safer? Possibly but in the age of electronic commerce using cash for some transactions is almost impossible. Shopping online is one obvious answer. Electronic commerce is fast and convenient. But there are  situations where cash or a written check is better and more secure.

Cash may be the answer in the age of repeated data breaches and electronic fraud. Black consumers may wish to consider the $200 rule. If an item is less than $200 then pay cash. Limit your use of credit and debit card to larger purchases. Keep at least that amount in your wallet weekly. Use that cash for buying gas, groceries and other need now items. This practice will limit your exposure to possible credit or debit fraud. If you decide to move to cash you should also ask for new credit and debit cards. Ask for a card that contains the new EMV chip. Getting new cards will nullify old payment information in retailers computers and reduce your vulnerability to fraud.

Keep in mind that cash is still the dominant form of payment even today. Black consumers today should raise their awareness of how cyber crime works and how they are vulnerable. Using credit and debit cards regularly raises your chance of eventually being a victim in a data breach if you are not already.

Now you know.