Steps to Stop Skimming

Transaction Authentication, PCI Guidance Would Curb Fraud

By , October 24, 2011.
Steps to Stop Skimming
Read Transcript

Gray Taylor of NACS says retailers spend billions every year to fix a broken payments system. And the primary culprit is the lingering mag-stripe.Card-skimming attacks are on the rise, not just at ATMs, but also at points of sale. For the petrol and convenience stores industries, most of the pain is being felt at the pump, namely the self-service pay-at-the-pump.

Taylor, a security and compliance expert for the National Association of Convenience Stores, says the primary reason for the rise in pay-at-the-pump skimming attacks relates to the security measures retailers have implemented elsewhere in the payments chain. They've taken steps to lock down point-of-sale systems within their stores, ensuring networks are complying with data-security standards, such as the Payment Card Industry Data Security Standard. So fraudsters have adjusted their targets, aiming for the lowest hanging fruit: unattended self-service terminals.

"The retail community is forcing these gangs to move downstream, to more contact where they can collect data," Taylor says.

Merchants are taking precautions to fight the growing number of skimming attacks the industry continues to face, but there is only so much they can do. "We're spending billions of dollars every year, the merchants, trying to fix a broken system, and at some point, we have to make the choice that this just can't be fixed and needs to be revamped, and I think we're getting there," Taylor says. "The mag-stripe, because it is there on the card and because you can now use that track 2 data to buy things online, now we have to secure this entire data system around it. ... It's a broken system."

During this first part of a two-part interview, Taylor discusses:

  • How merchants are controlling access to pay-at-the-pump terminals, to limit exposure to skimming;
  • Steps NACS is taking to educated merchants about the importance of regularly inspecting gas terminals for tampering;
  • Why payments security and the need to control cost don't always jibe.

Be sure to check back for Part 2, when Taylor discusses consequences of a U.S. move to EMV, how financial institutions and merchants can collaborate to fight skimming trends, and steps vendors and organizations like the PCI Security Standards Council can take to assist merchants in the fight for stronger card security.

Taylor has worked in the convenience-store industry since 1963, when his family opened its first of 87 convenience stores. Taylor later founded a fuel-retailing business and a store-based consumer banking/debit system, the first service of is kind to be offered by a retailer. Since selling his retail interests, Taylor has been involved on a variety of projects, including recapitalization of a public alternative fuels company, heading global product management for several of the world's largest petroleum equipment and retail systems suppliers, and serving as vice president of research and technology for NACS.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Hackers Wield Extortion

More hackers are holding data for ransom, demanding everything from bitcoins to the shutdown of...

Latest Tweets and Mentions

ARTICLE Hackers Wield Extortion

More hackers are holding data for ransom, demanding everything from bitcoins to the shutdown of...

The ISMG Network