Card Fraud and Skimming Attacks

October 3, 2014BSP MEMORANDUM NO. M-2014-040TO:All BSP-Supervised Institutions   SUBJECT:Card Fraud and Skimming Attacks  Electronic payment cards (i.e., ATM debit, credit and prepaid cards) are still vulnerable to skimming attacks given the continued use of magnetic stripe technology. Pending migration of the entire payment card network to EMV 1 by 01 January 2017, electronic payment cards remain largely defenseless against modern fraud techniques unless multiple layers of protection are adopted by BSP-Supervised Institutions (BSIs). To manage subject risk, BSIs are reminded to consider the specific controls to mitigate exposure from skimming attacks outlined under Annex "A" — Appendix 75f of Circular No. 808 dated 22 August 2013, namely:• Installation or implementation of additional controls to ATM and POS machines, such as anti-skimming solution, tamper-resistant keypads or video surveillance;• Establishment of detection process and alert mechanisms for timely and appropriate incident response and action; and• Use of transaction alerts on withdrawals and other transactions exceeding certain defined thresholds.Abovementioned controls highlight the BSI's need to (a) protect ATM and POS machines and (b) have proactive systems and processes...