PCI DSS Guidelines to Combat Card Skimming

According to the Payment Card Industry Data Security Standard (PCI DSS), businesses carrying out their transactions online are mandated to maintain certain guidelines in order to safeguard the interests and data of their users. These guidelines combat various issues such as data theft, hacking, phishing, and even card skimming.

Card skimming is the theft of credit card data by attaching external devices to card reading devices in public places and covertly stealing the card data and passwords for later use. It is a form of credit card fraud: the criminals monitor legitimate credit card transactions and steal the credit card information using small external devices such as cameras or scanners. Usually, all of this data is stored in a plastic card's magnetic stripe. The devices used to steal the credit card data are known as card skimmers. These skimmers are a form of camera or scanner placed over the card readers of public card machines or ATMs. When a transaction is carried out, they record the card details and passwords, which are then written to the magnetic stripe of another plastic card to clone the credit card. This way, the criminals can use a credit card without the consent of the owner.

To prevent card skimming, PCI DSS has requirements in place that give instructions on how to avoid incidents of credit card fraud.

Requirement 9.9 of the PCI DSS standard, which covers security against physical access, explicitly states: “Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution.” This implies that businesses need to protect and monitor their card reading devices against tampering of any kind, and pay special attention to ensuring that no device is substituted.

In detail, Section 9.9 asks businesses to make a list of all the devices they own, inspect the devices frequently, and train the security personnel to detect and be aware of suspicious behaviour. These guidelines are recommended but not mandatory. However, given the recently increased instances of criminals using skimmers to steal credit card information, it is strongly advised that businesses take PCI DSS recommendations very seriously.

Recently, there have been various instances of card skimming where criminals have been caught with hundreds of cloned credit cards and skimming devices to further their crimes. A couple of Romanian criminals were recently caught by the police with an external skimming device attached to a public ATM in New Delhi, along with a small camera and various plastic cards. They intended to record the passwords of the credit cards as they were entered and then write all of this information to the plastic cards that they owned. Thankfully, these criminals were arrested before they could cause any problems. PCI DSS gives businesses a framework to ensure that they are protected from such theft and from criminals who skim credit card data. These guidelines are key to secure and safe transactions without having to worry about any kind of theft or fraud.

QRC Solutions helps you ensure PCI DSS compliance so that your business is safe against card skimmers. With the guidance of the experts, your business will be secured against any credit card fraud that may occur.

14th March, 2019 | PCI Compliance | Posted by QRC Solutionz Consultant

Tags: PCI Compliance, PCI Certification