Texas takes big steps to address card skimming
One of this month’s feature articles is about the unrelenting cycle of ATM skimming, and it’s full of important information for banks to use as they protect themselves against this growing form of fraud. Unfortunately, because Texas is so economically prosperous, we’re a ripe target for thieves perpetrating card skimming crimes.
Randy Phillips, the article’s author, does an excellent job of explaining the types of physical and cyber ATM attacks bankers should be prepared to see. In addition to physical and cyber considerations, bankers should also be aware of insurance considerations should your ATM(s) suffer an attack.
The card networks have provided liability protections for EMV-compliant ATMs since October 2017. The conversion to EMV-compliant machines is admittedly expensive, though, and many banks have yet to upgrade their machines. This failure to upgrade has not gone unnoticed.
Criminals know that non-compliant machines can be skimmed and target these machines. In fact, criminals often stake out non-compliant machines and cash them out because they know they can. This was the case with an Oklahoma bank that recently had all 11 of its ATMs cashed out because the criminals knew the machines weren’t EMV compliant.
After the incident, the Oklahoma bank reported it was not in a position to invest the $200,000 necessary to upgrade its ATMs. However, the cash-outs the bank experienced cost the bank $500,000.
You may be thinking the bank’s insurance covered this loss but, unfortunately, this was not the case. While special debit card fraud coverages are available, and recommended, if your bank’s ATMs are not EMV-compliant, your claim under this coverage will be denied. As ATM skimming grows more prevalent and sophisticated it is highly recommended that your machines be EMV-compliant. This will protect the bank and its shareholders in the event of a physical or cyber attack.
Thankfully, steps are being taken to address card skimming, at least at Texas’ gas pumps. Earlier this year, the Legislature passed HB 2945, which was authored by Rep. Mary Ann Perez and 86 of her House colleagues. Gov. Abbott signed the bill in June, and the law went into effect Sept. 1.
HB 2945 requires merchants with unattended payment terminals on gas pumps to implement procedures to prevent the installation of skimmers on the pumps and report the discovery of skimmers to the state department that oversees gas pump weights and measures (currently, the Texas Department of Agriculture; beginning Sept. 1, 2020, it’s the Texas Department of Licensing and Regulation).
Gas pump owners who fail to adequately protect their pumps will be subject to both civil and criminal penalties, which means banks will no longer absorb the losses caused by careless security protocols at Texas’ gas pumps. This is a hugely important step in the right direction.
HB 2945 also created a Payment Card Fusion Center in the city of Tyler. The center will serve as the state’s primary entity for the planning, coordination and integration of the capabilities of law enforcement agencies to respond to criminal activity that is related to payment fraud and will be led by an attorney general-appointed director.
The Fusion Center’s focus will not be limited to gas pump skimming, which means that once the center is up and running, Texas will have a single point of contact for the reporting of all payment fraud — ATM fraud included.
TBA is working with the attorney general’s office and law enforcement from the city of Tyler’s Police Department on how to establish and fund the Fusion Center. We are very grateful for TBA Past Chairman Jeff Austin III and his efforts to this end. Stay tuned for more information on the center as an implementation plan is developed and executed.