The present invention The entry of debit and credit cards has increased the volume of transactions and types of payment made via such cards. This has aroused the interest of criminals and gradually criminal practices of stealing money from accounts served by credit and debit cards have been introduced. The cards contain, in electronic and graphic form, data about the card (number, expiration date and others) and about the cardholder (name). When a card is inserted into a device for cashless payment, the balance available at the account to which the card is attached and the status of the card itself are checked at the authorization center. The data on the card are recorded on a magnetic stripe (the dark right-hand part on the reverse of the card) and are doubled into a memory chip (the glittering brass contact pad) and by means of embossed numbers and letters on the obverse of the card. On the reverse of the card there is a signature field and a numerical security code used for Internet payments. The card always comes with a PIN code being a four-digit number that is known by the cardholder. This code is entered manually via a keypad and is a part of the procedure to carry out transactions.
In order to carry out a cashless payment by means of a card, those data need to get electronically to the authorization center where the card is identified and the transaction is authorized. In order to carry out an Internet payment it is sufficient to know the card's number, expiration date, cardholder's name and numerical security code. The data contained in the card are the ones criminals aim at. If they have those data in electronic or other form they can make payments and withdraw money on cardholder's behalf anywhere in the world until the account is emptied or blocked. The amount of money so withdrawn and illicit transactions for Europe exceeds EUR 300 billion. Data theft from credit and debit cards is known as skimming. The skimming technique is as follows: When the card is inserted into a device for cashless payment, by means of a special device (skimmer) placed inside in advance before the card gets to the reader of the cash machine (ATM) the card data are recorded or transmitted via a radio channel by the skimmer.
Subsequently, a duplicate of the skimmed credit card is made based on those data. Those data are not sufficient to carry out a transaction. A PIN code is also necessary. Two methods are mainly employed to obtain the PIN code: either to film the PIN code while it is being entered on the keypad, or to place a false keypad with a key logger, i.e. a keypad that records the entered key combinations via its keys and transmits them to the criminals. The main method employed is video camera recording. Numerous miniature and cheap video cameras enabling autonomous and high-resolution recording are currently available at the market, including the cameras embedded in GSM mobile devices. A skimmer can also be placed in a trade outlet, at the place where payments are made at the cash desk but usually the fraud happens with the participation of the staff and users cannot detect or avoid it. In order to obtain card data it suffices to have both sides of it filmed by a photo camera or a mega-pixel video camera. To do so two cameras are mounted next to the place where payments are made: one above and one underneath the cash desk work surface so that both sides of the card can be filmed in high resolution while the user hands it over to make a payment. With the information so obtained criminals just start shopping on the Internet on behalf of the user. Data stored in the card chip are, however, in a relatively safe place. To date, there are no known data that a card chip has been successfully read (skimmed).
On the other hand, credit and debit cards are intended to be used to make cashless payments all over the world. Currently, there are 1.62 billion cards with chip in circulation worldwide, i.e. 45% of all existing debit and credit cards. There are 24 million ATMs equipped with chip readers or 76% of all ATMs worldwide. These statistics show that not all ATMs worldwide are equipped with chip readers to avoid skimming devices for cards' magnetic stripes. In many countries, e.g. in North America: USA and Canada a great part of ATMs are not equipped with chip readers. In these countries the banks are not interested in carrying out skimming protection actions. It has been calculated that in the USA the total sum of the losses for the system due to skimming is about 10 times less than the sum necessary to re-equip the terminals with safer technical means. Banks' money is insured against such type of encroachments and the banks recover their damages out of the insurances. Actually, the adverse effects are felt mainly by the user. The user can do much for the safety of his/her card. To enhance the security of data in the bank card it should not be given to strangers; no information about card number should be made available; when the PIN code is entered the keypad should be covered by the other hand; if possible, night-time cash withdrawals from unlit ATMs as well as withdrawals from ATMs displaying apparent irregularities should be avoided and other instructions that are made available when the card is issued. It is recommended to use credit and debit cards with a chip. Cards with a chip have higher level of protection. The fact that the information recorded on the chip is also available on the magnetic stripe is a problem. This is done so as to enable transactions all over the world. In many countries, including, however, the USA, most ATMs and other similar devices do not operate with cards with chips. Therefore, if a card with a chip is available, it is recommended to avoid the use of devices having a reader for magnetic cards.
This can not be avoided in ATMs but can be in stores. Devices used on the stores, the so-called “point of sale” terminals have a smaller slit in which the narrow side of the card is inserted for about ⅓ of its length. Apparently, these measures are initially difficult to implement and the implementation thereof can seem strange or paranoid. It is clear that an untrained individual will hardly find a skimming device or any signs that one has been placed. (1) On the other hand, no technical means are known that are sufficiently reliable to protect one against skimming.