User Blogs

User Blogs

Discussions and Blogs

Jun 01
2012

POS Skimming—Bad News for Banks and Merchants

Posted by: Robert Siciliano in MyBlog

Tagged in: Skimming Fraud

Robert Siciliano

EFTPOS skimming has become increasingly prevalent over the past few years. EFTPOS skimming—which stands for “electronic funds transfers at the point of sale”—involves either replacing the self-swipe point of sale terminals at cash registers with devices that record credit and debit card data, or remotely hacking a retailer’s POS server.

In one such case, Romanian hackers are alleged to have remotely accessed hundreds of small businesses’ POS systems and stealing enough credit card data to rack up fraudulent charges totaling over $3 million. The hackers’ targets included more than 150 Subway restaurant franchises and at least 50 smaller retailers.

Officials report a wave of credit and debit card attacks, involving point of sale terminal swapping, data skimming, and hacking into payment processors. The U.S. Secret Service, for example, will not disclose details about specific cases, but confirmed, “they are conducting a multi-state, multi-country investigation into this string of crimes.”

Meanwhile, the Oklahoma Bankers Association has stated, “It is beyond apparent our bankers are taking great losses on these cards and we also need to explore creative ideas to mitigate these losses. It is in the best interest of retailers, bankers, processors and card providers to find ways to limit these losses so that debit and credit cards can remain a viable method of payment.”

When the use of these stolen credit cards go online, iovation’s ReputationManager 360 helps banks and online merchants avoid fraud losses by detecting high-risk behavior and stopping cybercriminals in their tracks. iovation’s device identification and device reputation technology assesses risk on activities taking place at various points within an online site such as account creation, logging in, updating account information, attempting a purchase, or transferring funds. These checks can be customized and fine-tuned to suit the needs of a particular business, detecting fraudulent and risky behavior in order to identify and block cybercriminals for good.

Robert Siciliano, personal security and identity theft expert contributor to iovation.

Trackback(0)
Comments (0)add comment

Write comment

busy

Subscribe via Email

 Your Email:
Banner

Tag Cloud

2012 abduction Aberdeen Group alarm alarms Android Apple Apps ATM Skimming Audit authentication Bank Fraud Banking Security BillGuard BlackBerry botnet BPM breaches BS 25999 burglar burglary Business Continuity BYOD change management cheating children pictures Cloud Cloud Security Cobit collaboration Community discussion Compliance computer failure Consumer Fraud Consumer IT Tips consumer privacy consumer scams contactless credit card credit card breaches Credit Card Fraud credit cards credit fraud criminal Criminal Identity Theft Cross-Device Security cyber crime cyber fraud Cyber gangs cyber monday Cyber Security cyberbullying cybercrime cybercriminal cybercriminals cybersecurity cyberwise data Data Backup Data Breaches data privacy data security Data Storage DDOS Device Reputation digital devices Digital Forensics digital life Digital Security digitally secure Disaster Recovery DNS download DPI driver's license dumps E-Commerce eBanking Electronic Discovery Electronic ESI electronic passport email and web security EMV Endpoint Security entity theft Epsilon ERM ESI Ethics Events Facebook Facebook privacy facebook safety tips facebook scam FCC FCPA FDIC Federal Government FFIEC Financial Crisis firewall FourSquare Fraud gaming Gartner Geo-tagging gold farming Governance GPS grc GRC evaluation GRC Marketplace GRC technology readiness GRChange Green IT grey charges guard dogs hacked Hackers Hackproof Hacktivism holidays home invasion home security Hotspot HP IAM iCloud id ID Theft identity fraud identity protection Identity theft identity theft protection Information Management Information Security Information Supply Insider Threat Internal Audit Internal Controls internet safety iOS app iovation IP address iphone iPhone security IRS IRS Scams ISACA ISO 27000 ISO 27001 ISO 31000 IT Alignment it compliance it governance IT GRC Forum Events it risk management IT Security IT Service Management ITIL jailbreaking Jobs keylogger laptop security linkedin scam Litigation Malware marathon master password mCommerce Member Discount Mobile Mobile Apps Mobile Banking mobile device Mobile Device Management Mobile Devices Mobile payment mobile phone mobile security Mobile Wallet mSecurity Multi-Regulatory Compliance multifactor authentication myblog Network Security New Years NFC NFC app Online Backup Online Banking online dating online fraud online gaming online identity online privacy online safety online scams Online Security online shopping Operational Management OSHA Outsourcing P2P Security Panel Partner Offers passport password password manager password security passwords PCI Performance Management personal data personal device Personal Security pheasting phishing Policy predator Privacy privacy and security privacy policy Prize Draw public WIFI QR Codes ransomeware ransomware Regulation E remote access resume fraud Risk Assessment Risk Management RSA Rules safety tips scam scammer scammers Scams scareware Seasonal Security security apps security tips sext Shopping Shoulder Surfers shredding skimming Skimming Fraud small business smartphone smartphones smishing Social Media social media scams social network Social Security SOX spam spammers spokesman Spyware SSDs Standards strangers Strategy tablets tax fraud tax return scams tax scam tax scams Tech tech support technology Threat Management Tokenization TQM trojan Twitter typosquatting Virus viruses VPN wallet web Webcast Q&A Wi-Fi WIFI wifi hacking WiFi password Wifi security wireless Worms
Banner