As pay-at-the-pump skimming scams grow in the U.S. and Europe, police in Camarillo, Calif., have taken the unique step of enlisting help from civilians to fight skimming crimes.Known as the Citizen Patrol Unit, the group of some 30 civilian volunteers has been tasked with monitoring pay-at-the pump terminals throughout Camarillo, looking for signs of tampered terminals or the installation of illegal skimming devices.
Some observers, like identity theft expert Robert Siciliano, say grassroots efforts are better than nothing -- but that more anti-skimming effort is needed.
"Feet [and eyes] on the ground is a temporary solution," he says. "But it's not what's needed to prevent skimming. If the banks or station owners just employed their own [staff] to pay attention, volunteers wouldn't be needed," Siciliano says.
'We Are Sitting Ducks'
It's not the first time a community has enlisted help outside law enforcement to curb card skimming at gas pumps. Last July, Arizona Gov. Jan Brewer directed the state Department of Weights and Measures to increase gas pump inspections.
Card-skimming attacks at pumps in Utah and Florida captured headlines last year. So far this year, new attacks have cropped up in Arizona and Europe. [See, Pay-at-the-Pump Card Fraud Revs Up.] And late last week, police in Ormond Beach, Fla., warned locals that skimming devices at stations along US-1 could have been hitting cards for more than a month.
The solution, says Siciliano, starts with manufacturers. Their self-service gas pumps need more built-in security, and banks need more fraud-tracking. The first step forward, Siciliano says, hinges upon ending the common practice of using universal keys for access to self-service gas enclosures. The second step: more regulatory oversight of the petrol industry.
"As long as they are up to Payment Card Industry standards for data security, they are doing their job," he says. "But to make sure they are meeting those standards, we need to get laws passed and regulators onboard to make sure [merchants] are securing their pumps. We need to get the financial industry to pay attention to all of that, too. At this point, it may not be worth it for them to put too much pressure on these retailers. That is something we have to look at."
In the end, most remedies the U.S. market pursues to thwart card fraud are just band-aids, Siciliano says. The real problem is the United States' continued reliance on the magnetic stripe. "With EMV rolling in Canada and Mexico, we are sitting ducks in the U.S.," he says.
Too Outside the Box?
In the meantime, outside-the-box tactics, such as those displayed in Camarillo, could reap some rewards, says John Buzzard, who oversees client relations for FICO's Card Alert Service, a provider of decision management and predictive analytics for card issuers. But he warns that getting civilians involved in crime-fighting is a double-edged sword.
"I think I would have some concerns about the level of expertise of a citizens' patrol," Buzzard says. "It's admirable that the community is coming together and working together and seeing that they have a problem."
But communities like Camarillo don't want to step too far outside the box when it comes to fighting skimming attacks, he says.
"Are these civilians being trained? Are they aware of how the skimming happens? And are the police ensuring they don't put retailers and consumers in dangerous situations?" Buzzard asks. "Back in the day, skimming attacks oftentimes involved an employee who was in on the scheme. That's why it's important for banks not to let consumers know where the point of compromise occurred. The last thing you want to do is put a consumer at risk," if that consumer were to take a complaint directly to the retailer.
-bankinfosecurity.com
Tidak ada komentar:
Posting Komentar