Be Alert For EFTPOS Skimmers

You probably look twice at any ATM to check for skimmers -- the external devices designed to steal your card data -- but NSW police are warning that criminals are now attaching skimmers to the EFTPOS terminals used in stores as well.

Picture by bepster

Police have already arrested six people in relation to EFTPOS skimming, so it's not just an empty threat. While it's potentially more difficult to attach a skimmer to a store device (since staff are likely to notice it), that doesn't mean it's impossible.

What can you do to protect against those attacks? As ever, vigilance (regularly checking bank statements), sensible security precautions (not recording your PIN in an obvious form) and taking advantage of technology (such as chip-based cards, which are harder to duplicate) are the main steps.

Detectives issue warning about card skimming offences [NSW Police]


Comments

    I would love to know exactly what it is that we should be looking out for on EFTPOS terminals. On ATMs, I always do a quick check for anything out of place, cover the pinpad with my purse and give the card eater a tug.

    There was a warning about this on the news years ago, and at that time they warned you to watch out for your card being swiped twice by staff, through two different machines - one genuine eftpos machine and one skimming device

      So its the staff that are in on the scam? Not crims coming in and tampering with the EFTPOS devices unbeknownst to the staff? That is farked.

    I remember reading a while back that a number of rigged Eftpos terminals were found with had no signs of tampering. The criminals had got someone working at the factory producing them to set up the machines to transmit all scanned card details back directly to them. As this all happened in the factory, the merchants were none the wiser and the only way to tell which machines had been hacked was to weigh them.

    This is a scary document!
    I always thought they'd be pretty easy to spot, but these are indistinguishable unless it's a machine you use regularly!

    The commonwealth bank, in NSW at least, they've got the contract to provide all the machines for eftpos use in McDonalds outlets. About a month ago there was a scam going on where other people had replaced the whole machine with another functional one, albeit altered to also send the data to a person nearby with a laptop.

    Maybe some of the dodgier equipment could be spotted, but the higher quality stuff is pretty well near impossible to pick out.

      On the McDonalds front, I recently visited the Sutton's Forest (NSW) McDonalds (big highway one) and all the Eftpos machines now have laptop style combination security locks tying them to the bench and tamper seals obviously to try and protect against the whole machine being replaced - as that is obviously the easiest way to quickly install a skimmer, the unit just needs to ask "Enter PIN" and people will - then collect the numbers via bluetooth or similar at a later time.

      I have gone back to using my credit card everywhere (instead of debit card) except ATMs as it gives slightly more protection (it's not "my" money they are stealing if they do) and has the chip which is becoming rapidly more accepted (although not sure if its any harder to copy from)

    Anyone wondering what these skimmers can look like, should check out:
    http://www.krebsonsecurity.com/2010/01/would-you-have-spotted-the-fraud/

    In light of these recent events, lets hope the big banks take a step towards the ANZ style of ATM, and update their machines with additional security measures..

    On a side note, I wonder if there are any stats on these crimes, more so, what banks, and their machines in particular, are targeted.. Most of the machines out there are pretty generic hey

    Seems like a timely place to warn people about in store security cameras. There have been a couple of cases where staff, probably in addition to skimming cards, were making use of footage from in store security cameras that were trained on the keypad to capture pin entries.

    Where possible, swipe your own card and ALWAYS cover the pin pad as you enter your pin and if you notice a camera that seems to be directed at the pad you may wish to mention it.

Join the discussion!