ICFE eNEWS #16-20 - July 6th 2016
View this eNEWS online
Consumers and Businesses Take Action Against Credit Card Skimmers
By Yan Ross, Director of Special Projects, ICFE
A broad array of publications picked up the recent KrebsOnSecurity
report about credit card skimmers installed in self-checkout lanes at
several Walmart locations. It appears that nationally hundreds of
thousands of retailers use the potentially affected Ingenico credit card
POS [point-of-sale] terminals, posing a threat to both businesses and
Not only do the skimmers compromise the security of the consumer's
credit card, permitting the thieves to clone the cards and use them for
unauthorized purchases, but the businesses using the point-of-sale
terminals may be cheated out of the price of the sale or find themselves
liable for damages.
Although it has not been widely distributed, or even heavily promoted in
the media, Ingenico has issued a security bulletin on how to identify a
skimmer commonly used on self-checkout lanes powered by Ingenico iSC250
card terminals. The following is a summary of the advice from Ingenico
on how to spot the skimmers.
There is an excellent opportunity for consumers and businesses (and
their employees) to work together to foil the criminals who install
these skimming devices.
- SIZE - In order for the overlay to fit on the POS terminal, it must
be longer and wider than the target device, so the case overlay will
appear noticeably larger than the actual POS terminal. This is the
primary identifying characteristic of the skimming device. A skimmer
overlay of the iSC250 is over 6 inches wide and 7 inches tall while the
iSC250 itself is 5-9/16 inch wide and 6-1/2 inches tall. If the
edges of the terminal are covered over, there may be a skimmer on
- BACKLIGHTING and LED Light - The most common type of skimming
device blocks the backlight on the keys from coming through on the PIN
pad. Also, the green LED light that glows during a contactless card
transaction is blocked by the skimmer. If you can't see the backlight
on the keys, be aware there may be a skimmer in place.
- MAGNETIC STRIPE READER INTERFERENCE - The most common skimming
devices have magnetic read heads that may interfere with the legitimate
magnetic card reader on the underlying POS terminal, leading to greater
numbers of read failures. If you experience trouble swiping a card,
report it to the store management.
- WHERE'S THE STYLUS? - All checkout terminals include a tethered
stylus that customers use to sign their names after swiping their cards.
According to Ingenico, the skimmers made to fit the iSC250 appear to
prevent the ordinary placement of the stylus due to the obtrusive
overhang of the skimmer overlay. If you can't find the stylus to sign
the screen, there may be a skimmer in place. Be aware, however, that
many retailers set their terminals to omit the signature requirement for
sales below a certain dollar figure.
First, they may take note of the four main indicators of the presence of
Next, once removed, the skimmers and the substantial investment they
represent are lost to the thieves.
Finally, the active participation and cooperative action strengthens the
relationship between the business and the customer. It's a lot more
pleasant to announce the identification and removal of a skimmer than to
have to notify customers of a data breach!
More information from KrebsOnSecurity is posted online.
The ICFE's Certified Identity Theft Risk Management Specialist® XV
CITRMS® course is now available both in printed format and online.
The Textbook and Desk Reference edition of the course book is also
available online. Bulk pricing and
discounts for veterans and students available. Inquire at
Yan Ross is ICFE's Director of Special Projects, and the author of the
Certified Identity Theft Risk Management Specialist® XV CITRMS®
course. As an accredited educator for over 20 years, he has addressed
Identity Theft Risk Assessment and management for consumers,
organizations holding personally identifiable information, and
professionals who work with individuals and organizations who are at
risk of falling victim to identity thieves.
ICFE eNEWS is available FREE upon request by visiting the ICFE's
and filling out the contact form, selecting "Yes" for "Add to Mailing List."
Please pass this eNEWS on to your peers and interested others and
invite them to subscribe for free. Also, visit the ICFE's new Web site:
Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)
CFE - Institute of Consumer Financial Education -