Trusted security “informant” Brian Krebs just shared that the United States Postal Inspection Service is investigating reports that fraudsters are installing skimming devices on automated stamp vending machines at post office locations across the United States. Alarming, right? We’ve heard umpteen times about various retail brick and mortar stores falling victim to payment card skimmers, but here’s a first.
Moreover, according to the Verizon 2014 Data Breach Investigations Report, payment card skimming, is one of just nine total patterns of threats which are tied to 92% of the 100, 000 security incidents analyzed over the last 10 years. And, according to the same study, this type of criminal activity has been primarily targeted at the Finance and Retail industries to date. Looks like perpetrators are looking for a wider range of targets.
What is further disturbing is that now it has become somewhat easier for would-be criminals to more surreptitiously steal data. For one, they can purchase skimming devices that are Bluetooth enabled, which allows them to download the track and PIN data easily and remotely, from the safety of a parking lot! In addition, they can get skimming devices with built-in SIM cards, allowing for remote configuration, remote uploading of data, and tampering alerts that, if triggered, can cache the data and send it out immediately to the thieves, making it difficult for the victims to discover that there has been a data exfiltration.
Given the recent multiplicity of payment card skimming occurrences targeted at retail and post office locations, I have become quite wary of shopping using my credit and debit cards. Are you, too? The thing is, it’s convenient to pay by card vs. cash.
Still, prevention is better than cure. If you aren’t already, take note of and follow Verizon’s suggestions. I certainly plan to:
- Protect the card PIN by covering it with a hand to block any possible miniscule cameras that may be recording as you enter it.
- Be mindful of surroundings – if you see multiple payment card devices installed, just check if they all look “the same” – should the device you are about to enter your card into look different from the others, don’t use it.
- Inform the merchant and/or bank if something seems out of place (e.g., the payment card device appears to have been tampered with, or someone seems to be attaching a foreign object to the device, etc.) so they can investigate the matter.
Safe shopping everyone!