The Payment Card Industry Security Standards Council (PCI Council) has responded with the definition of a new standard to reduce fraudulent phenomena, the organization plan to improve the security of PoS systems by making them upgradeable in an easy way.
Last week, the PCI council issued the version 5.0 of the PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements.
A close look at the standard allowed the experts to notice the new requirements for the payment industry, in particular:
The new standard aims to contrast the intensification of card skimming attacks and intends to improve the security of the payment industry.
Banks are observing a similar trend, the popular investigator Brian Krebs recently published an interesting post that warns about an alarming increase of skimming attacks for both American and European banks.
“Skimming attacks on ATMs increased at an alarming rate last year for both American and European banks and their customers, according to recent stats collected by fraud trackers.” wrote Krebs. “The trend appears to be continuing into 2016, with outbreaks of skimming activity visiting a much broader swath of the United States than in years past.”
The FICO Card Alert Service issued several warnings about a spike in ATM skimming attacks.
On April 8, FICO noted that its fraud-tracking service recorded a 546 percent increase in ATM skimming attacks from 2014 to 2015.
PoS devices that are hard to upgrade represent a serious problem for the payment industry. Upgradeable card-reading kit are expensive and the lack of proper security posture retards the adoption of necessary countermeasures. Making card readers upgradeable should mean a significant improvement of the point of sale security.
The banking industry continues to be under attack, recently chip-and-PIN technology started to be adopted in the US because it would improve the security of the customers, merchants, and financial institutions.
The new standard will be effective from September 2017 and will replace the current version 4.1.
(Security Affairs – PCI Council er tools, cybercrime)