Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during this prime shopping season. Awareness, Checking security controls and Testing security now will help your business lock down your systems during the holiday rush.
Merchants looking for more information on how to secure customer payment data should visit the PCI SSC merchant site.
Who’s Checking Your POS Device for Skimming?
“Skimming devices” sweep up your customers’ payment card data off the magnetic stripe when swiped through a card reader. Hackers use the data to create counterfeit cards and make illegal purchases. See our earlier post for more on how these attacks work.
As a small business, you know skimming can cause serious trouble, and especially during the busiest shopping time of year. That's why it’s vital that you and your staff know how to spot a skimming device. Everyone should be on daily alert to bust potential skimmers!
Typically, a skimming device installed in your point-of-sale (POS) is invisible. This means discovery entails looking for evidence that an attacker managed to sneak one into your payment system.
Here are three simple steps to help you and and your staff spot a skimming device.
1. Confirm your hardware. A legitimate terminal’s serial number attached by sticker on the underside should match the electronic display. If they’re different, there may be a skimmer inside.
2. Look for odd changes. If someone removed a terminal’s bottom cover plate to insert a skimmer, they often removed or damaged security stickers placed over screw holes or seams. Some attackers replace terminal cables with an infected variation (e.g. straight vs. curly). Others might place an extra device for skimming next to your terminal. Take a photo of new equipment and periodically cross-check the entire point-of-sale with the photo to confirm there are no changes.
3. Be cautious of unannounced service visits. A so-called “friendly tech” may be an attacker looking to sneak in a skimming device.
Resources that can help you:
- Resource Guide: Skimming
- For photographs of skimming devices and more, check out our detailed prevention guidance (see pp. 9-16).
Merchants looking for more information on payment security essentials should start here: