The Green Sheet Online Edition

January 23, 2012 • Issue 12:01:02

Skimming through the holiday season

By Nicholas Cucci
Network Merchants Inc.

The few days before Christmas was crunch time for many consumers. Now, sales numbers from the period are starting to arrive. The trends for the 2011 holiday season were obvious if you were one of the many trying to find that perfect gift at traditional retailers.

And online shopping saw an increase of more than 15 percent over 2010, with deals such as free two-day or overnight shipping. During the holiday season, shoppers spent over $40 billion online, according to comScore Inc.

The week before Dec. 25 showed the heaviest online shopping totals ever recorded; the preceding week came in second. In December, 12 percent of online visits to retailers' websites came from mobile devices.

Most people did research online and then traveled to nearby stores to make purchases. Some 79 percent of shoppers used their phones for research, while 58 percent of those made purchases by phone.

The fly in the ointment

With the increase in holiday shopping came a major increase in credit card skimming, which has become common. Advanced technologies such as contactless payments have opened the door for fraudsters to become more creative in their skimming strategies.

Store chain Lucky Supermarkets in California fell victim to skimming in late 2011. Self-checkout points have become a favorite target for fraudsters. According to a National Retail Federation report, 7 percent of retailers in a nationwide survey said they provide self-checkout machines - a number expected to more than double by the middle of 2012 as retailers seek to cut operating costs.

Typically, the people who operate self-checkouts are consumers, most of whom are not even aware of what skimming is or how to prevent it. This requires merchants to become more active in preventing fraud at all their locations. However, self-checkout stands are hardly the only machines that are vulnerable.

A skimming incident earlier in 2011 forced crafts retailer Michaels Stores Inc. to replace more than 4,000 employee-operated credit card readers in 20 states.

Lucky officials are limiting the release of information on the chain's breach while it is under investigation. However, Lucky's parent store Save Mart Supermarkets indicated it has replaced or inspected more than 2,500 card readers, including both self-checkout machines and registers staffed by employees in 233 stores in Northern California and Nevada.

This includes Lucky, Save Mart, Maxx Foods and Food Maxx stores. Lucky has urged all of its customers to check the status of their accounts with their respective financial institutions.

Advice for consumers

Skimmer devices affect everyone. Customers feel violated and are frightened that they will become victims of identity theft. Banks, too, are troubled when their customers' information is stolen. They stand to lose money and goodwill and become responsible for reissuing new cards, which isn't cheap.

People usually don't realize they have fraudulent charges on their accounts until it's too late. And they face a difficult time proving to their bankers that they didn't take the cash themselves. Some thieves go for the gold, immediately removing the daily allowed limit from accounts. Bank customers who have mobile alerts set up on their accounts can receive Short Message Service alerts when they've reached or exceeded their daily limit. Other customers may not be as lucky. Their banks may not offer the alert protection.

No retailer wants to be involved in a data breach. In addition to helping merchants secure their own businesses, ISOs and merchant level salespeople could suggest their merchants provide shoppers the following tips on how to fight card skimming in an effort to ensure all parties to transactions are doing everything possible to thwart fraudsters:

• Before swiping your card, check the POS device to make sure nothing is attached. Most skimming devices are attached with double-sided tape or a magnet and can easily be removed.

• Shred all financial documents and paperwork with personal information before you throw them out.

• Do not carry your Social Security card in your wallet or purse. Keep it in a safe place, and do not give out the number unless absolutely necessary.

• Do not give any personal information over the phone, through email or over the Internet unless you know with whom you are dealing.

• Make your passwords to accounts more advanced. For example, use a mix of letters and numbers, and do not use the last four digits of your Social Security number or your birth date.

• Monitor your credit cards online, checking daily or weekly for unauthorized charges. The law requires the three major consumer-reporting companies to give you a free copy of your credit report.

• View your credit report often to make sure no accounts have been opened without your consent.

• Monitor your bank accounts.

• Watch for suspicious activity around you even at ATMs and restaurants. If an ATM looks tampered with, use another ATM.

Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at ncucci@nmi.com.

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.