Retailers should be alert after a massive EFTPOS skimming operation in New South Wales has managed to steal $50 million from users’ credit cards.
The New South Wales Fraud Squad has said the culprits are using tampered machines in order to “skim” details from the cards used in the terminals.
Electronic Frontiers Australia spokesman Geordie Guy says retailers are not paying attention to the simple methods used to protect themselves from skimming operations.
“People aren’t doing them, and it’s really that simple. It’s one of those problems where the simplest way is quite often the best way. I think to an extent retailers are treating EFTPOS machines differently from the till. It’s often been said to keep an eye on the till, but no one looks at the EFTPOS machine.”
In a skimming operation, users can tamper with an EFTPOS machine in order to install the hardware necessary to run the operation. Additionally, some of these tampered machines could even be rigged before the terminal reaches a retail outlet.
While Guy says keeping a watchful eye on EFTPOS terminals is hard work along with a variety of other safety requirements, he recommends retailers remain vigilant.
“You have to pay attention to a lot of things, and it’s difficult. But it has to be done. I think the only way this is going to go away is when somebody comes up with an inherently secure EFTPOS machine.”
The NSW Fraud Squad has said customers must be on the lookout for irregular terminals. So far fast food, convenience stores and clothing locations have been targeted, with the McDonald’s chain among the most affected stores.
“Detectives are working closely with interstate and international counterparts as part of the ongoing investigations. Police wish to remind consumers to take precautionary steps when using EFTPOS terminals,” the force said in a statement.
“Detectives warn that offenders can covertly capture card data which is then used to fraudulently withdraw funds from victim’s bank accounts.”
The incident comes after a similar wave of skimming in Perth, when McDonald’s stores were also targeted with over $4.5 million lost. However, it is not yet known if the same group is behind the attack.
The fraud squad, which was formed last year to investigate instances of skimming, has released a list of tips for retailers including the following:
- Being aware of security around the EFTPOS terminal.
- Ensuring the terminals are left in a secure location and are not removed.
- Regularly checking all EFTPOS terminals to ensure serial numbers are correct.
Additionally, the fraud squad has also listed a number of tips for individual consumers, including:
- Regularly checking receipts and EFTPOS transaction records.
- Regularly checking bank statements.
- Constant awareness of how much funds are in an account.
- Refusal to release your PIN.
- Covering your PIN when using a terminal.
- Possibly using chip-enabled cards.