Card Skimming - Hardware or Software?

Simplest is still best: whether they are software-based (as in the so-called 'Dexter' or 'VSkimmer' Trojans; Google them for more information) or classic hardware interception devices, card skimmers remain a highly effective means of stealing card data.


The hardware approach can be as basic as inserting an inline card data capture device between the card reader and the EPOS system or Till. This sounds crude but in more advanced cases, the card skimming hardware is cunningly embedded within the card reader itself, often with a cell phone circuit to relay the data to the waiting fraudster.

Software skimmers are potentially far more powerful. First, they can be distributed globally and cannot be physically detected the way a hardware device can. Second, they provide access to both 'card present' (i.e. POS) transactions and 'card not present' transactions, for example by tapping into payments made via an eCommerce website.

EMV or Chip and PIN - Effective up to a Point

Where implemented - which, of course, excludes the US at present - EMV technology (supporting 'Chip and PIN' authorization) has produced big reductions in 'cardholder-present' fraud. A card skimmer would need not just the card details but also the PIN (Personal Identification Number) to unlock it. Embedded card-skimming technology can grab the PIN as it is entered too, hence the emphasis on requiring only approved PIN entry devices with anti-tampering measures built in. Alternatively, just use a video camera to record the user entering the PIN and write it down!

By definition, the EMV chip security and PIN entry requirement are only effective for face-to-face transactions where a PED (PIN Entry Device) is used. As a consequence, 'card not present' fraud is still increasing rapidly all over the world, proving that card skimming remains a potentially lucrative crime.

In a global market, easily accessible via the internet, software card skimming is a numbers game. It is also one that relies on a constantly renewing stream of card numbers since card fraud detection capabilities improve both at the acquiring banks and card brands themselves.

Card Skimming in 2013 - The Solution is Still Here

Recently reported research in SC Magazine suggests that businesses are subject to cyber attacks every 3 minutes. The source of the research is FireEye, a sandbox technology provider, and they are keen to stress that these malware events are ones that would bypass what they refer to as legacy defenses: firewalls, antivirus and other security gateways. In other words, zero-day threats, typically mutated or modified versions of Trojans or other malware, delivered via phishing attacks.

What is frustrating to the PCI Security Standards Council and the card brands (and no doubt software companies like Tripwire®, nCircle and NNT!) is that the 6-year-old PCI DSS already advocates a range of perfectly adequate measures to prevent any of these newly discovered Trojans (and buying a FireEye scanner isn't on the list!). All eCommerce servers and EPOS systems should be hardened and protected using file integrity monitoring (FIM). While firewalls and antivirus are also mandatory, FIM is used to detect malware missed by these devices, which, as the FireEye report shows, is as common as ever. A Trojan like VSkimmer or Dexter will manifest as file system activity and, on a Windows system, will always generate registry changes.
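To show what "manifests as file system activity" means in FIM terms, here is an added example (not NNT's code or any product's logic) that takes a hashed baseline of a directory, re-scans it, and reports added, deleted and modified files; the EPOS file names and contents are constructed for the demo, and registry monitoring is out of scope.

```python
import hashlib
import os
import tempfile

def hash_file(path):
    """SHA-256 of a file's contents, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline(root):
    """Snapshot: relative path -> (sha256, size) for every file under root."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            snap[rel] = (hash_file(full), os.path.getsize(full))
    return snap

def compare(old, new):
    """Classify the difference between two snapshots, as a FIM alert would."""
    return {
        "added": sorted(set(new) - set(old)),
        "deleted": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }

def demo():
    """Constructed scenario: a clean EPOS directory, then a dropped file and a patched module."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "pos.exe"), "wb") as f:
            f.write(b"constructed: legitimate POS software")
        with open(os.path.join(root, "payment.dll"), "wb") as f:
            f.write(b"constructed: legitimate payment module")
        before = baseline(root)
        # The footprint the article describes: a new executable appears and an existing file changes.
        with open(os.path.join(root, "svchost32.exe"), "wb") as f:
            f.write(b"constructed: dropped file")
        with open(os.path.join(root, "payment.dll"), "wb") as f:
            f.write(b"constructed: legitimate payment module, now altered")
        return compare(before, baseline(root))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored off-host and signed, and the re-scan is triggered on a schedule or by file-system events rather than run once.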

Other means of introducing skimming software are also blocked if the PCI DSS is followed correctly. Card data storing systems should be isolated from the internet where possible, USB ports should be disabled as part of the hardening process, and any network access should be reduced to the bare minimum required for operational activities. Even then, access to systems should be recorded and limited to unique usernames only (not generic root or Administrator accounts).

The PCI DSS may be old in Internet Years, but fundamentally sound and well-managed security best practices have never been as relevant and effective as they are today.


Copyright 2024, New Net Technologies LLC. All rights reserved. 