PCI Security Standards Council Just released a skimming prevention document.
The name is Skimming Prevention: Best Practices for Merchants.
This document does not change the PCI-DSS standard or requirements for merchants. It is not necessary to run through this document to maintain compliance at a location, but it is a great tool if you are a merchant who has credit card scanning devices. What people need to remember is that as security becomes beefed up at locations because of PCI-DSS compliance efforts, then thieves will do their best to find new ways into the credit card data. By adding skimmers to credit card terminals or card scanners, thieves are hoping to grab the data before it is protected by the secure systems.
Skimming can be effective even in countries which have imbedded security chips in their credit cars like England. In 2008, there was a serious skimming ring encountered that affected numerous card reading devices. For the full article read Pakistani techies stealing European credit card data.
I highly recommend reading this document, but it does not really give any suggestions for hand held skimmers. It does have a lovely picture of one in its initial pages, but in actuality, the document does not have any real suggestions about employees (especially restaurant servers) who are skimming credit cards while they walk to the back with a customer’s card during the payment process. Eventually, we will never lose sight of our credit card because we will only pay at the table using wireless security terminals, but that system will come with its own sets of security concerns.