Card Skimming Prevention: Best Practices & What To Look For



Data from Consumer Payment Cards

The first type of skimming event is the acquisition of payment data directly from the consumer’s payment device (payment card). This is normally accomplished through a small, portable card reader. Normally this occurs during a payment transaction conducted by the consumer at a merchant location and usually involves internal merchant personnel who have both criminal intent and direct access to the consumer payment device (payment card) with little or no observation at the time of payment. The majority of skimming attacks deal with the capture of payment data from magnetic-stripe payment cards.

Data Capture from the Payment Infrastructure

The second type of skimming event results from the capture of payment data within the payment infrastructure at the merchant location, with a focus on compromised POS terminals and their respective infrastructures (terminal locations, wires, communication channels, switches, etc). Criminals will insert electronic equipment, by various means, into the terminal or the terminal infrastructure, in order to capture consumer account data. The skimming equipment can be very sophisticated, small, and difficult to identify. Often it is hidden within the terminal so neither the merchant nor the cardholder knows that the terminal has been compromised.

Click here to learn more about Skimming Prevention & Best Practices