Risks of Using Payment Cards in Face-to-Face Transactions

By Paladion

May 2, 2017

As you probably know, there are many ways in which hackers can steal your credit card details when you’re making an online payment. However, using your card offline in what are called “card present transactions” at stores, restaurants or ATMs are now just as dangerous. Luckily, there are ways to stay safe when making card transactions in person.

The Types of Threats to Your Card

There are two categories of card present transactions. The first is when you use a card to withdraw money from an ATM and the second is when you use your card to buy something, whether it’s at a gas station, shop, or restaurant. These are called POS, or “point of sale” transactions. In both situations you are at risk of skimming, when someone copies the card’s data to make a fake card, and you are at risk of someone stealing the PIN associated with the card.

How Hackers Steal Your Card Data

Most instances of skimming occur at gas stations and restaurants. Hackers use tiny inexpensive magnetic strip readers to read the data on your card’s magnetic strip. All a thief needs is for you to run your card through this reader and he is able to then use the data to make a duplicate card. To combat this, the industry has now moved to chip based cards where this sensitive data is stored encrypted on the chip.

Unfortunately, most cards still have magnetic strips as ATM technology tries to catch up. Several banks have started to issue contactless cards which uses NFC, or “near field communication” technology. This means that your data is stored in a chip embedded in the card and all you have to do is tap the card on an NFC enabled POS machine or ATM to make a transaction.

How Hackers Steal Your Pin

The most common way to steal a PIN is to use a hidden camera in an ATM or at a merchant store. This camera is focused on the ATM or POS machine keypad and transmits these images in real time to the attacker or stores it locally to be collected later.

As hackers have developed new technology, the industry has developed countermeasures. One example is that ATM’s now have a different sequence for entering your PIN. This is in response to a group of thieves known as the “glue gun robbers,” who attacked ATMs that asked for a PIN as the first step in a transaction. These robbers would put glue under command keys such as the ENTER, CLEAR, or CANCEL keys. The user would enter the PIN and then press the ENTER key, which would get stuck so that nothing further could happen. After trying for some time, the user would generally leave the ATM with the transaction half done. The robber could then quickly come in, remove the glue, and complete the transaction. By changing the ATM sequence so that the PIN is not the first detail to be entered renders the glue gun technique ineffective.

Advanced Attacks

Recently a more sophisticated payment card attack was able to compromise over 3 million cards and associated PIN’s when the network that carries the ATM card and PIN information from the ATM machine to the bank was compromised.

When you withdraw cash from an ATM, the transaction typically passes through a set of intermediaries before it hits your bank’s systems to determine if you can be provided with the requested amount. These intermediaries perform a set of functions that require decrypting the data and re-encrypting it. Although all of these operations are performed in the computer memory and not stored anywhere in the hard disk; attackers were able to infiltrate these systems at one such intermediary and then were able to steal the card and PIN information in bulk.

Precautions You Can Take

While there are many risks to card security, there are some essential precautions you can take.

  1. Avoid handing over your card at merchant locations and never hand over your PIN or write your PIN on your card.
  2. Cover the ATM or POS keypad with your hand while entering your PIN to eliminate the risk from hidden cameras.
  3. Use familiar ATM’s and look for anything unusual or abnormal about the machine or card slot before using it.
  4. Pay attention to how much of your card goes into a POS machine as most skimmers are attached to the outside and will eat up more of your card than usual.
  5. Don’t leave the ATM until the transaction is complete, especially if it looks like the machine is faulty.

To get the full story, listen to the podcast.

Tags: blog