Card Skimming has become one of the biggest threats in payment card space. Lingering magnetic-stripe technology, rather than the advanced EMV chip standard used in Europe and elsewhere, is part of the problem.
EMV chip technology, oftentimes referred to as smart-card technology, relies on an embedded mirco-chip for the storage of data on a card, rather than storing that data on a magnetic-stripe, which has proven to be vulnerable to skimming. The move to EMV in other parts of the world has thwarted skimming. In the U.S and other places such as India., where mag-stripe cards remain the norm, skimming is expected to rise as per Mike Lee, CEO of the ATM Industry Association.
Tom Wills, a fraud analyst at Javelin Strategy & Research, says criminals responsible for the skimming at ATMs and POS devices have been caught this year, but their arrests are no deterrent. “2010 has been a good year for law enforcement,” he says. “But as long as there are vulnerable devices out there, the bad guys will continue to target and attack them.” He further adds that card skimming exploits a vulnerability that’s inherent in mag-stripe technology – basically, because the mag-stripe is easy to copy. As long as the mag-stripe remains the dominant card technology the problem is expected to continue.
Card Skimming also happens during POS Swipes. Thoough End-to-end encryption of card data during transmission of the transaction – from the POS to the server — is becoming a standard practice to help curb card fraud, magentic stripe skimming uses a more elemantary and fundamental weakness in the way cards are programmed to store information.
The future for plastic cards is to move to EMV chip technology and many countries including Australia have already adopted it following footsteps of European countries.
Tokenization is another option that could foil skimming attacks . Tokenization is a relatively new technology and involves replacing random numbers instead of valid values. This is especially useful where card data is stored in merchant sites.