Thursday, March 08, 2007

"Skimming Devices Target Debit-Card Readers"

In the Wall Street Journal this morning Joseph Pereira reports on the use of "skimmers" to steal data from point-of-sale debit card readers:

The brazen data breach highlights a serious vulnerability in the retailing world: computerized cash registers known as point-of-sale, or POS, terminals. Thieves can use "skimming" devices -- generally circuit boards or hand-held wireless units -- to steal payment-card data off card-swipe machines. Once the information is pilfered, it can either be used to make counterfeit cards or sold to other criminals. At times, the skimming devices are also installed in ATMs, though ATM scams are more likely to involve cameras.

Experts say that POS-related data fraud is far more common than the kind of breach reported recently by TJX Corp. in which hackers infiltrated the off-price retailer's central computer database and stole data from thousands of customers. POS fraud also occurs more frequently than so-called phishing scams, in which Internet users are tricked into giving up their credit-card and other financial information.

The article also cites a Gartner, Inc. analyst's estimate that "80% of credit-card data breaches are tied to cash-register and other POS terminals," though it doesn't state what proportion of losses are tied to data taken in this manner.