Watchout when Swiping Cards at POS machines

Nitish ChandanCyber Security

Financial security is a rising concern now. Credit it to the demonetization or whatever, people have become a little accustomed to using mobile wallets, UPI apps and above all, swiping cards. It is intriguing to watch people at petrol pumps and grocery stores. Some of them are happy (satisfied in a way) and some really worried about swiping cards.

I came across a message on WhatsApp that went on to say the following (in a gist):

Some well dressed courier boy came at the doorstep of a family with a courier. Politely, he handed them the courier but without any information about who was it from. This guy even gave them a Wine bottle which wasn’t in the packet because “it had to be handled differently” and there were some special courier charges attached.

Most of you at this stage would say that we wouldn’t believe someone like that! Trust me, even the smartest and the wittiest have been victims of social engineering. These people have spent days and months finding out the right time to attack you.

Anyway, this courier boy then asked the family that they would need to pay Rs. 250 as the courier charges. He was even more convincing when he told them that since it was an authentic transaction, company policy was to accept payments via debit card. He then took out his POS machine (the machine at which you swipe your card). The couple gave their card and happily made the purchase. After a few hours they received messages of debits worth Rs.1,50,000.

A simple POS machine

The rest is history. Just via the message, I am unable to confirm if it is true or not. But the modus operandi of hacking people when they are swiping cards is definitely plausible. The original POS machine is topped up with an additional plastic cover that is called a skimmer. It has memory of its own and stores card details when you swipe at them. POS skimmers have been around for a long time and have been used at common places like petrol pumps, grocery stores and now via delivery services that deliver your Myntra, Flipkart and Amazon COD orders. A

POS skimmers have been around for a long time and have been used at common places like petrol pumps, grocery stores and now via delivery services that deliver your Myntra, Flipkart and Amazon COD orders. A POS skimmer is a device that grabs your information (about your card) as you swipe at a store. This information can then be copied on to duplicate cards and used for transactions. This is even more important right now because of COD orders being processed via debit cards in India. You can also watch this video.

Skimmer swiping cards POS machine

So how are you going to protect yourself from such theft of swiping cards?

Nothing in this world except common sense is going to save you. Here are a few tips that will definitely help you in the coming times:

  1. Do away with just magnetic stripe cards, chip based cards have a different technology of being used at POS machines.
  2. At the POS machine, you should NEVER give your card to anyone. You have the right to swipe your card on your own.
  3. You can either ask for the machine to be brought to you or you may go to the machine yourself.
  4. Inspecting any device before swiping your card is mandatory now after you read this post.
  5. Inspection means you can use your hand to try to softly open the top of the machine. In most of the cases where there is a skimmer there, it will come off.
  6. These kind of frauds are also happening at ATM machines but that is a topic for another post and we will deal with it another time.

Do leave a comment and Share!