Hypercom Chairman and Chief Strategist Calls for Industry To Combat New Dangerous Form of Skimming
Credit card "skimming" is an alarmingly escalating form of fraud that is victimising consumers, causing havoc with merchants, and costing the industry hundreds of millions of dollars every year. Skimming fraud takes many forms, but most often involves a cardholder turning over physical possession of his or her card to a retail or restaurant employee, who then swipes the card through a small, illegal card reader, called a "skimmer." The skimmer copies the data encoded on the card’s magnetic stripe. This information is then used to manufacture counterfeit cards that are used to rack up illegal charges. Industry sources estimate that the average skimmed credit card will generate some $2,000 in fraudulent charges before being detected.
Skimming is rapidly growing in virtually every major city in the US, UK, Europe, Canada, and Latin America. It is especially rampant in Asia. A new and far more dangerous variant of skimming involves implanting sophisticated skimmer bugs into card payment terminals. All legacy terminals of the current installed base are susceptible to this type of attack. There is no discernible pattern towards any brand of terminal. Every merchant with a legacy terminal from any manufacturer is at risk. This form of skimming is particularly insidious since it obliterates the Common Point of Purchase (CPP), which is used today by the card associations’ neural network software to pinpoint those merchants where most skimming originates.
"Until now, the card associations had an effective weapon to combat skimming," commented George Wallner, Hypercom’s Chief Strategist, during a high-level briefing with key industry analysts, consultants and market intelligence specialists in Phoenix, Arizona, USA. "By using sophisticated software they could identify the juxtaposition common to skimmed cards and thus the merchants where high levels of skimming originate, for most of the skimming. The associations could then assess fines against those merchants (and their acquirers) or withdraw their card accepting privileges. But with skimmers in terminals, whose skimmed contents are extracted infrequently – often many weeks after the card has passed through the particular location – there is no clear pattern. There is no easily identified CPP. As a result, there is no longer an easily implemented defence against skimming."
Essentially, skimming takes advantage of the fact that a magnetic stripe is a passive medium: its digital content can be copied with perfection, and there is no difference between a copy and the original. Technology available to fraudsters has reached a point where it leaves the 25-year-old magnetic stripe largely defenceless. To make things worse, skimmed magstripe data is now available from numerous web sites.
"What is happening to the magstripe is not unlike what has been done to digitally recorded music on the Internet, except this is more insidious with no pretence of legality. The magnetic stripe was simply not designed to withstand attacks that use the sophisticated technologies available today," said George Devitt, Senior Vice President and Chief Marketing Officer of Hypercom.
Upsetting Relationships Built on Trust
"Our industry is built on trust. Under normal circumstances, the merchant trusts the acquirer to get paid; the acquirer trusts the issuers to get settled; the issuers trust the cardholders; and the cardholders trust the merchants. The most alarming thing about this new wave of fraud is that it is seriously undermining this trust," added Wallner. "For example, in Asia acquirers now increasingly require merchants to provide a security deposit of US$25,000 to cover the fines they sustain when skimming originates within their merchant base. This is upsetting the relationship between merchants and acquirers, as well as the relationship between the associations, issuers and the acquirers. In some cases this has even led to merchants declining to accept certain brands. Consumers are also affected as they will be denied the use of their skimmed cards and they may choose not to return to a location they suspect of having skimmed their card to use their replacement card. This is no longer about fraud losses. This is about the integrity of the card payment system. This new form of uncontrollable skimming has the potential to seriously weaken the brands that form the cornerstones of our industry," Wallner said.
A Call To Arms
"It is time for merchants, consumers and industry leaders to join forces and seriously combat skimming," Wallner declared. "We have the technology to stop this criminal activity in its tracks, but we cannot do it alone. Issuers, acquirers, terminal vendors, merchants and consumers must cooperate and adopt the tools necessary to eradicate this destructive activity." Wallner said. "We have four tools at our disposal to combat skimming: in the short term, we must put in place terminals that process cards right where the card holder is – especially in restaurants, right at the table. Terminals must also be made tamper resistant to prevent the implantation of skimmer bugs. They also must be capable of secure downloads to prevent the downloading of software skimmer bugs – which are surfacing at an increasing rate. Ultimately, however, our industry must move to smart card based credit cards because smart cards are ‘skimming-proof’."
Leading the Attack
Taking the lead in attacking credit card skimming, Hypercom and a growing number of leading merchant processors are deploying high-performance, touch screen ICE card payment terminals that are consumer-activated, ensuring that the card never leaves the consumer’s possession. In addition, Hypercom’s devices are made tamper-resistant through various intrusion detectors: any attempt to access the internal circuitry of the terminal wipes out all of its software and merchant tables, rendering the terminal useless. These terminals also employ secure downloads that prevent unauthorised downloads from anyone other than the acquirer or processor with which they are associated. This prevents the downloading of software skimmer bugs.
Smart Cards: The Ultimate Weapon
The industry is also moving forward with its ultimate weapon against skimming. Smart card chips will make credit cards "skimming proof" as smart cards are not a "passive" medium and can be authenticated online using secure encryption techniques. They are highly tamper resistant and represent a level of technology that is impenetrable by criminals today and for the foreseeable future. In fact, when France rolled out smart cards it wiped out most fraud immediately. These were smart card based credit and debit cards, not the much talked about stored value cards.
Following guidelines and standards set by Europay, MasterCard and Visa, Hypercom and other terminal vendors have incorporated comprehensive smart card readers into their new terminals. For example, all Hypercom terminals are now available with EMV certified smart card readers and many of Hypercom's customers, including customers in the US, are installing smart card enabled terminals. These terminals will play a key role in stopping credit card skimming.
Smart cards, however, will be rolled out gradually and will take many years to fully replace magnetic stripe cards. In the meantime the industry must switch to tamper resistant and secure terminals and where necessary, such as in restaurants, deploy portable terminals that allow consumers to pay at the table.
"The minute you allow the consumer to retain possession of their card during the transaction, you can put a lot of criminals out of business and make a lot of shoppers feel a lot safer," said Jeff Roster, Senior Analyst, Retail and Consumer Goods, Gartner Dataquest. "It is essential that we do something to combat credit card skimming now."
"Out-of-control skimming will hurt the entire industry," Wallner said. "We have the technology and the products. We are calling on merchants, acquirers, processors and issuers to join forces so that we can virtually eradicate this crime."
"Focus on e-commerce fraud has deflected industry attention from the alarming sophistication and growth of physical-world card skimming techniques," said Theodore Iacobuzio, Senior Analyst with TowerGroup, the research and consulting firm based in Needham, MA. "Consumer-activated terminals like Hypercom's represent a promising new development in helping combat both the problem itself, and the erosion in the consumer confidence that it entails."
Leading industry analyst and consultant firms attending Hypercom's Third Annual Industry Analyst Briefing included: Cahner's In-Stat Group, Chaddsford Planning Associates, Collective Dynamics LLC (Coldyn), Dreifus Associates Limited (DAL), First Annapolis, Frost & Sullivan, Gartner Dataquest, IHL Consulting, Martaus & Associates, Patricia Seybold Group, Quadagno Associates, The Yankee Group and TowerGroup.
About Hypercom Corporation
Hypercom Corporation (NYSE: HYC) is a leading global provider of electronic payment solutions that add value at the point-of-sale for consumers, merchants and acquirers. Hypercom's products include secure card payment terminals and web appliances, networking equipment and software applications for e-commerce, m-commerce, smart cards and traditional payment applications.
Headquartered in Phoenix, Arizona, Hypercom maintains an installed base of more than 4 million card payment terminals which operate in over 100 countries and conduct more than 2.85 billion transactions annually. Hypercom's Internet address is http://www.hypercom.com
This press release was distributed by ResponseSource Press Release Wire on behalf of Nexus Technology Communications in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.