Hacked card/chip readers and POS systems represent a rare but very real threat in the world of financial transactions. This scam, while not as common as others, shares many characteristics with Hacked ATM and Payment Terminals (click here for more details).
Essentially, the goal of the criminals is to install malwares on card readers and POS systems, enabling them to capture payment data from cards or chips used in regular transactions.
As for the others ATM scams related articles, even though we’re classifying it as a tourist scam, it might indiscriminately target anyone in possession of financial cards with or without chip-enabled contactless and PINless payments. Be sure to check the Extras And Thoughts and the ATM&Co Related Posts sections at the end to learn more.
1) How it Works and What You Risk
The tampered/hacked card reader or POS system becomes a tool for scammers to steal valuable payment data of cards used in all transactions:
In the case of contactless payments, the machine reads and captures the payment chip data including the card number, expiry date, and other details embedded in the chip.
For traditional card payments, it captures the data from the magnetic strip on the card as well as the entered PIN. This gives the scammers access to all the information stored on the card, including the card number, holder’s name, and CVV, as well as the PIN.
The primary, but not the only, risk associated with this scam is the potential for unauthorized transactions. This could involve making purchases, transferring funds, or even withdrawing money directly from your bank account.
2) How to Avoid it
From the research I’ve conducted, it’s incredibly difficult, if not impossible, for the average user to determine when a card reader/POS system has been hacked or tampered with. Besides using cash, the two best pieces of advice are about prevention and damage limitation.
Prevention
For contactless payments, there are payment applications and QR code-based systems. Certain services provide virtual debit and credit cards within their applications. Some should provide security in this regard because they generate unique payment codes (as if you were using a different card for each payment or for a specific period), making them virtually impossible to clone/replicate.
Damage Limitation
Set up alerts via app or SMS for each confirmed and executed transaction. This will allow you to monitor your account for any unusual activity and act if necessary.
You can find more tips, including some that I use, on how to prevent most Financial Card scams or at least limit the damage by checking out the 6 + 1 Ways to Prevent Card Reader and ATM Scams and the rest of our series from the list below.
3) ATM&Co Related Posts
4) Extras And Thoughts
Fake Card/Chip Readers and POS
In this article, we’re generally referring to originally legitimate card readers and POS systems that have been infected with malware or tampered with by criminals. This happens unbeknownst to the operator using them for receiving payments.
Let’s now turn our attention to a specific type of compromised device: fake card/chip readers and POS systems that are employed and programmed from the outset for criminal purposes. In this case, scammers would use a “legal” front business through which they sell goods or services. Any customers paying with a card or chip could have their payment data stolen during the transaction.
Regardless this little difference, they share similarities in terms of their objectives, methods, outcomes, and most importantly, the countermeasures.
About the ATM and Card Reader Scams Series
As for most of the articles in this series, please keep in mind that:
We’re trying to avoid redundancies, to learn more it’s advisable to read the 6 + 1 Ways to Prevent Card Reader and ATM Scams and the rest of the frauds (you can find them in the ATM&Co Related Posts section of this article, or under the Card Reader Scams tag).
Although relatively rare, this scam could happen to anyone, tourists and non-tourists alike. It’s not only related to ATMs, Payment terminals, or Card Readers but, as mentioned, generally to anyone who owns a card with a chip enabled for contactless payments.
Remember; the more you know, the better.
Content Disclaimer
All images are licensed under CC0, CC BY, or CC BY-SA and belong to their respective authors.