Victoria Daka, Regulatory Compliance Specialist
On Monday, Bernadette blogged about the Understanding Risks in Electronic Payment Systems article from the latest NCUA Report. Today, I’d like to take a look at another article from the NCUA Report, which focuses on the sophistication of ATM skimmer technology and what credit unions should be doing to prepare for this type of attack and potential breach of member information.
Did you know that “22% of all data breaches reported in the financial services sector were credit card skimming attacks and that nearly 87% of skimming attacks were carried out on ATM’s?” Sophisticated ATM skimming attacks are now ubiquitous because of the ease in obtaining and cheapness of skimmer technology. As such, Credit Unions should take steps necessary to reduce the potential for card skimming. Here’s a snippet from the article, with steps credit unions can take to reduce the potential of card skimming:
"Use Tamper-resistant Terminals: ATMs are increasingly designed with this in mind. Credit unions should consider replacing older machines with newer and better protected terminals.
Use Tamper-evident Controls: Automated video monitoring can detect any potential signs of tampering or damage.
Encourage Users and Members to Be Vigilant: Educate members about the potential for card skimming and encourage them to report anything out of the ordinary immediately. For example, a photo of the card readers and keypads a credit union uses could be posted on its website. This would let members know not to use the ATM if it has been altered in any way.
Inspect ATMs Frequently: Have staff inspect ATMs as often as possible to reduce the potential that a skimmer could be in place. Scratches or other signs of excess wear could be signs of tampering.
Place ATMs in Areas Hard for Criminals to Tamper with Them: This includes credit union lobbies, drive-up areas or in secured spaces where users must swipe their ATM cards to enter. In each of these areas, video monitoring could be used to capture any unusual activity.”
The article is available in its entirety here.