News

PAYby CALL, the anti-skimming vaccine

How can a card-over-the-phone payment solution be the best solution against skimming scams? Precisely because it can avoid the need to use physical card payment terminals. Fantasy? Excessive caution? It would be something that we could raise with the victims of this type of scam….

In 2022, in the first quarter alone, these types of scams grew by 700% in the United States. The losses for businesses and users are stratospheric. Before going any further, it is useful to explain in a simple way what skimming is, how to avoid it and why PAYby CALL’s secure telephone card payment can be a good way to avoid it.

Skimming: a card in the wrong hands

Skimming is a technique for cloning a credit card at a point-of-sale terminal or ATM using a device that copies the card’s magnetic stripe and the data contained therein. The fraudster places an electronic chip in a legitimate device and retrieves that data later to use it for his own benefit.

This sophisticated technique, which has been around for more than twenty years and was originally detected mainly in ATMs, is experiencing a second youth due to the proliferation of point-of-sale terminals (POS), also due to the increased security of ATMs.

What makes the skimming is that, unlike other scams such as phishing or vishingthe user of the card, nor the user of the card he doesn’t even realize that his data has passed into the wrong handsIt is enough to make a card payment at a “skimmed” terminal for criminals to start doing their business.

The worst consequences for small businesses

It goes without saying who, apart from the users themselves, suffer the worst consequences of the new wave of skimming: small businesses. The banks, apart from being more experienced, have more technical means to protect themselves. So the small business is the first interested in avoiding this type of scam.

In particular, those business models with a low possibility of terminal surveillance or that are located in high-traffic locations are especially exposed. The paradigmatic case in the United States is self-service gas stations, but I am sure we can think of many other high-risk examples…

Not surprisingly, one of the top PCI security recommendations for small businesses is the regular and comprehensive review of payment terminals The use of the product should be checked for tampering, kept out of the reach of “anyone” at the counter or elsewhere in the store, and only the services of authorized installers should be used.

From POS to PAYby CALL?

The Achilles heel of the system as far as this scam is concerned is purely technical, but as we can see it can be solved with a series of good practices. To the point of considering the possibility of minimizing the use of POS in our businesses by replacing them with a payment system that does not require the physical use of the card.

Logically, this payment system must be robust, procedurally agile and more secure than the mechanism it is intended to replace. Simple, customizable for each business model and strictly compliant with PCI-DSS level 1 certification standards, PAYby CALL’s telephone payment solution is a good medicine against skimming.

At this time it would be more realistic to think of a complementary system for our customers to expose less of their cards and data, in another payment channel that would reduce the threat of card cloning progressively and, in many cases, significantly. In the future, who knows…

Learn about our service