The transition to EMV was supposed to all but eliminate the danger of credit card fraud, but incomplete changeover, both in chip cards and compatible payments terminals, leaves plenty of room for the less scrupulous among us to take advantage and credit card numbers in equal turns.
That's what Brian Krebs, of Krebs on Security, concluded after taking a look at card skimmer devices found at Walmart locations in Virginia and Kentucky. Made specifically to fit payments terminals made by Ingenico, the skimmers in question include not only a traditional swipe slot and keypad to capture non-EMV cards, but also a dippable well that makes it blend in perfectly in the sea of EMV terminals rolling out to retailers across the country.
While the EMV well couldn't steal any payment information itself, the keypad and swiping track would still capture everything a thief might need from a consumer who is still swiping.
Krebs noted that the skimmer retails between $200 and $300 and can be easily snapped onto Ingenico terminals in a few seconds, as it has been in multiple incidents within the last year. A non-EMV-applicable skimmer was also found at Safeway locations in February.
While the theft of non-EMV-protected credentials was most likely the intended target of whomever installed these particular skimmers at Walmart locations, it's still concerning to note that the unscrupulous technology is evolving to match today's payments landscape. Though skimming credit card information off of EMV cards is much less reliable to impossible, it'd be irresponsible to think that there isn't some group of illicitly minded folks out there trying to perfect the art of fraud well into the EMV future.