Out with Skimming, In with Shimming?

by Mercator Advisory Group 0

The endless cycle of measure-countermeasure in the payment card security battlefield now includes the practice of ‘shimming’ by bad actors. Lifting customer information from the cards is nothing new, but the process to do so from the EMV card reveals the technical resource that are being devoted to by some to perpetuate their practice of fraudulent card use.

While the data collected cannot be used to counterfeit chip cards, it can be used to make fake magnetic-stripe cards. Criminals will likely attempt to take advantage of this vulnerability by using the counterfeit cards for fraudulent purchases. Merchants who have not yet implemented EMV chip technology, in particular, may see these purchases come through.

Mercator Advisory Group anticipates the acceptance and use of chip cards will negatively affect the economics of “shimming” over the course of 2017 and 2018 as more retailers make the change to chip readers at the point of sale. We also expect to see more widespread of instances of card not present fraud. Financial institutions will benefit from improved communication with peers, processors, and networks to more quickly share awareness of these new and rapidly evolving schemes.

Overview by Joseph Walent, Associate Director, Customer Interactions Advisory Service at Mercator Advisory Group

Read the full story here