By Bill Farmer
In New Zealand we rarely hear about local card fraud incidents. With no disclosure laws around card fraud or breaches of customer information, accurate local data can be incredibly hard to come by. The most readily available example has traditionally been the Auckland carparks breach of 2009, when thousands had their card details stolen from a compromised parking terminal in the Central Business District. That’s all different today, with a rash of recently reported skimming attacks across Auckland.
We’ve talked about ATM skimming here in the past, but if you’re unfamiliar with the method, skimming occurs when fraudsters fit a small card reading device onto the slot of an ATM or payment terminal. When coupled with a pinhole camera that records PIN numbers, these skimming devices give criminals all the information they need to duplicate your card and go on a spending spree.
This ATM on Ponsonby Road in Auckland was recently skimmed.
We hope that these latest incidents help reinforce the message that card fraud can and does happen in New Zealand, and that all businesses need to take measures to protect cardholder data. Fraudsters are quite adept at defeating low-level security systems, though given the time and resources at their disposal it’s hardly surprising.
Skimming has been hailed as a remarkably low-tech way of conducting high-tech fraud; reading each individual card and collecting details is actually somewhat inefficient and risky. Increasingly, sophisticated fraudsters are turning their attention to infiltrating business networks and stealing credit card details wholesale. Whereas skimmers collect card numbers one at a time, a successful network hack could yield thousands.
All companies that hold cardholder data are responsible for taking measures to safeguard that information. That’s the reason that the Payment Card Industry Data Security Standards (PCI DSS) were first created – to provide a baseline of security for all businesses so that consumers could be reasonably assured that their card details were safe.
At Mako, we focus on securing the payment environment, so that when consumers swipe their card, that information remains safe inside of the payment network at a merchant location. Achieving compliance with the PCI DSS can be a difficult process, but at Mako we have delivered a step-change in the compliance process to make that process vastly simpler.
Card fraud is a booming business around the world, and we must all take steps to be vigilant against the threat posed by the fraudsters. Mako works with banks around the world to help bolster merchant defenses against card fraud, and though it’s sure to be an ongoing battle, the important thing is taking those first steps toward security and compliance. It’s us against them, and there’s no time like the present to take security seriously.
Have you been caught up in the recent ATM skimming attacks? Let us know in the comments.