Skimming Best Practice Tips

  1. Have an Incident Response Plan for reporting tampered or substituted devices.

  2. At the beginning of each shift, log the inspection of each device for tampering or placement of skimming devices.

  3. Train personnel to be aware of suspicious behavior of customers and to report tampering or substitution of devices immediately as outlined in the incident response plan.

  4. Periodically rotate the individuals performing the device checks to ensure nothing gets missed and to eliminate collusion.

  5. Surveillance cameras should be sited such that they record the area around the PIN entry device but allow no method of actually recording or viewing any PINs entered.

  6. Locate cameras to cover primary site entrances. Facility cameras provide a level of deterrence and a record of activity that can be used to support investigations.

  7. Support PCI DSS guidelines for 90-day storage of surveillance images.

Skimming Device Recovery Response

  1. If a skimming device is discovered on a POS terminal, document and take pictures of the skimming device as-is.

  2. Document before and after removal (date/time)

  3. Use protective gloves to remove the device (criminals may leave DNA on the device)

  4. Review surveillance to determine the window of exposure

  5. Notify local law enforcement and the FBI or U.S. Secret Service office so they can recover the skimming device.

  6. Protect any video surveillance that may be used to identify any perpetrators and confirm timing of when the device was placed on the POS terminal.

  7. Notify your Acquirer with your Incident Response Form with information detailing the incident. Please include the following information:

  • Date and time the skimmer was identified and removed

  • Date and time the skimmer was placed on the terminal (this can be determined from the surveillance camera or from monitoring logs)

  • Pictures of the skimmer

  • Contact information for the Law Enforcement Agency handling the investigation

  • Summary of any action taken

Additional Resources:

PCI Skimming Prevention Best Practices:

https://www.pcisecuritystandards.org/documents/Skimming Prevention BP for Merchants Sept2014.pdf?agreement=true&time=1478630341390

PCI Skimming Prevention At-a-Glance:

www.pcisecuritystandards.org/documents/SkimmingPreventionAt-a-GlanceSept2014