Protecting Point Of Sales From Skimming Devices

One of the most critical pieces of hardware involved with your payment processing is your card swipe POS device. It’s the device that makes physical contact with your customers credit card and if it is compromised it can be used to copy the full credit card information by a hacker. Unfortunately, the hackers and criminals know this and they have been ramping up their attacks from ATMs, to gas pumps, and many other POS devices.

image1 Criminal installing Skimmer on POS device

The criminals are creating customized overlays, called “skimmers”, that sit on top of the credit card reader to copy the credit card information as it is swiped through the reader. The credit card data is stored on the skimmer until the criminal pulls the data off. In some cases the criminal configures Bluetooth on the skimmer so they can read the data remotely; or in other cases they simply take the skimmer back off the device and read the data at their location. Once they have the credit card swipe data they are able to “clone” a credit card with the information and run fraudulent transactions. With the adoption of EMV chip (EuropayMasterCard, and Visa) in the U.S., it will go a long way to eliminate this type of threat by removing the benefits of skimming by fraudsters. Even though the majority of EMV chip cards being issued in the U.S. still have a magnetic stripe that can be skimmed, a fraudulent credit card made from that stolen mag-stripe data cannot be used successfully at an EMV- enabled terminal. In addition, it has been reported that more than 7,200 credit card terminals from store registers nationwide have been replaced after discovering that thieves had somehow modified or replaced machines to include POS technology capable of siphoning customer payment card data and PINs.

image2 One criminal distracts attendant while other installs Skimmer on POS

Compliance requirements

The credit card industry has been aware of these attacks for sometime, but with the advent of personal 3D printers the attacks have become much more “stealth-like” and harder to identify. The Payment Card Industry (PCI) security standards council has updated their own compliance requirements to ensure merchants are regularly inspecting their card swipes looking for both the substitution of the devices, and to identify if the device has been tampered with.


With the recent headlines being full of credit card breaches, consumers are wary of merchants who do not protect their data. It is recommended that you let your customers know about the efforts you’re putting into protecting their card data. Let them see you when you’re inspecting your POS devices. Invite their questions and point out to them how you’re different. Instilling consumer confidence will make a difference to your customers with the myriad of choices they have from competing gyms in the area if they know you take extra steps to protect them.

Stephen Wilson
Marketing Communications Consultant

 For more information email or call 720-810-2580.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s