Cash machines, like registers and ATMs, are a vital part of nearly any business, but they are also vulnerable to physical attacks enabling card skimming and theft. While heavily regulated to improve security, cash machines can put your business at risk, because credit card theft affects your reputation and your funds, and in some cases, you may be liable for attacks.

If you want to protect your business and your customers, you need to learn how to defend your business from card skimming.

What is Card Skimming?

Card skimming is the process of stealing credit card data during transactions by inserting a small device into the POS machine. When customers swipe or insert their card to be read by the machine, the device captures their data and either stores it or transmits it directly to another device, where it is used by the hacker.

Is Card Skimming a Risk for Your Business?

If you have an older Point of Sale system and are not compliant with EMV standards or accept a high percentage of cards with Chip and Magstripe, card skimming could be a high risk for your business. Magstripe cards are vulnerable to card skimming, and in some cases, you may be liable for damages. For example, if a customer has a card with Chip and Magstripe but your business does not accept Chip and their data is stolen through card skimming, you may be held as the responsible party.

If you are EMV compliant, card skimming is most likely not a large problem, but you should learn about other risks like shimming and its potential repercussions so you can protect your business.

Shimming – Shimming is the process of replacing the contact plate inside of the ATM or Point of Sale to copy data on a card chip. This data cannot be used to create a duplicate pin card, but it can be used to create a duplicate magstripe card, which can be used if the card uses both magstripe and chip.

Employee Skimming – In some cases, employees at restaurants and bars have been known to participate in identity theft by skimming customer cards before returning them. This process typically involves quickly swiping the card, which does not require a pin, only a signature.

How to Protect Yourself from Card Skimming

Card skimming is difficult to predict, but you can take steps to protect yourself from it.

  • Ensure that all credit card transactions are handled in front of customers, not in another room. Many modern Point of Sale devices are wireless and can be taken to customer tables in restaurants.
  • Install lighting and cameras around PoS and cash machines, even at night. If someone tampers with your ATM or PoS, you will have evidence.
  • Remember that skimming devices can install in just seconds, periodically inspect your hardware to ensure that it has not been tampered with.
  • Ensure that you are up to PCI EMV standards. You are required by law to be EMV PCI compliant. If you are not, you are liable for all credit card fraud resulting from card skimming at your establishment.
  • Upgrade to EMV enabled card readers if you haven’t already.
  • Run background checks on employees handling credit and debit cards.
  • Maintain a camera in any payment areas to ensure that if an employee is swiping cards to skim them, you can catch them in the act.

ATMs at businesses and establishments other than banks account for 60% of all credit card skimming, so any ATMs on your premises should be your priority.

Credit card skimming is a multi-billion-dollar hacking industry, and while new card technologies are reducing risks, they don’t prevent them entirely. Taking steps to mitigate your risks and ensure EMV compliance will help to protect your customers while reducing your potential liability in case of a skimming attack.

A Threat Sketch risk analysis can give you the tools to prevent hacks. By recognizing the biggest risks for your business, you can take steps to allocate your security budget towards preventing them, so you and your customers stay safe.

About the Author: Brandy Cross is a freelance writer specializing in technology and marketing solutions for SMBs, with experience writing for everyone from startups to Fortune 500s.