Credit card 'skimmers' threaten new attacks on UK retail chains

Cardweb, the famous Maryland-based payment card information network, has issued a warning to US and UK retailers that credit card fraudsters are inserting new kinds of so-called 'skimming bugs' into electronic terminals – bugs designed to steal credit and charge card numbers, writes Monica Dobie.

Tiny pieces of hardware are being planted by fraudsters working under cover in selected stores. Once installed, the 'skimmers' are programmed to switch on and off at set intervals, transmitting credit card numbers to a central, remote location. Since a number of devices are involved, retail security managers are finding detection a rather difficult task.

Skimming bugs are particularly insidious as they obliterate the Common Point of Purchase (CPP) record – used by the card association's network software to pinpoint those retailers from whom most of the skimming originates. The system allows criminals to compile long lists of credit card numbers, sometimes storing them for weeks to make it impossible to trace numbers back to an individual retailer.

Counterfeit cards are then made and usually shipped to Asia, accumulating no less than US$2,000 worth of fraudulent charges before being detected. This is costing US retailers alone a staggering US$1 billion per annum.

Speaking exclusively to SMT, George Wallner of electronic payment solutions provider the Hypercom Corporation said: "Until now, the card associations had an effective weapon to combat skimming. By using sophisticated software they could check common factors shared by fraudulently-copied cards, and thus the goods and services providers where high levels of skimming occur. The associations could then assess fines against retailers, and withdraw card privileges if need be."

Wallner added: "With skimming, no clear patterns emerge, and no easily-identified CPP. It's not an easy matter for security teams to try and combat the problem." He suggested that retail security managers in the UK continue to combat old-style skimming by always using mobile terminals that ensure cards never leave the consumer's possession.

"Ultimately, we must move towards using 'smart card'-style credit cards that are skim-proof," said Wallner.

Britain's leading banks are contributing to the costs of a new Home Office-backed organisation tasked with tackling organised credit card fraud.

Initial proposals – due to be implemented by 2004 – centre on credit hard holder details being contained in a chip on the card, and for PINs to replace handwritten signatures at the point of sale.