POS Terminal Tampering: How to Inspect Your Devices Every Day
A daily 2-minute terminal inspection prevents card skimming. Learn the 7-point visual check every merchant and staff member should perform.
Last Updated: February 2026
Key Takeaways:
- A daily 2-minute terminal inspection can prevent card skimming that affects your customers
- Tampering often happens overnight or during shift changes — inspect before opening each day
- Never allow unverified "technicians" access to your terminals without confirming identity through official channels
- Compare terminal serial numbers to your asset register daily
- A suspicious terminal should be taken offline immediately — not cleaned, not powered off, preserved for investigation
Why POS Terminal Inspection Matters
A tampered payment terminal is invisible to customers. They insert their card, complete their transaction normally, and leave. Your receipts look clean. Nothing seems wrong.
Meanwhile, every card processed on that terminal is having its data captured — potentially thousands of customers over days or weeks before the device is discovered.
When the fraud is eventually traced back to your location, the consequences are significant: customer notification obligations, potential PCI DSS non-compliance penalties, chargeback liability, reputation damage, and the cost of replacing compromised hardware.
A daily inspection does not take long, and it can prevent all of that.
When Tampering Typically Happens
Criminals typically install skimming devices or swap terminals at these times:
- Before opening: Overnight or early morning, when no staff are present
- During busy periods: When staff attention is divided and a "customer" can distract while an accomplice tampers
- During shift changes: Brief moments when terminals are unwatched
- During fake service visits: Someone claiming to be from your payment provider or a maintenance company
The overnight window is the most common. A terminal that looked fine at closing may not look the same at opening. This is why an opening inspection is the most important one.
The 7-Point Visual Inspection
This takes under 2 minutes. Train all opening staff to perform it:
1. Card Slot Check
Look at the card entry slot. Does it:
- Look like it protrudes or sticks out more than normal?
- Have any visible overlay or additional component around it?
- Show scratches, adhesive marks, or residue around the edges?
- Feel different in texture or material to the rest of the terminal?
Apply gentle lateral pressure: does the card reader wiggle or feel loose? Genuine card readers are firmly fixed.
2. PIN Pad Check
Look at the PIN keypad. Does it:
- Appear higher than normal?
- Feel spongy, soft, or different from its usual texture when you press keys?
- Have a thin frame or border around it that doesn't match the terminal's original design?
- Have any objects resting on or near it?
The PIN pad overlay is the most common tamper mechanism because it captures the PIN, which is what makes stolen card data exploitable.
3. Serial Number Verification
Every terminal has a serial number — typically on the back, the bottom, or in the terminal's own software menu. Record all terminal serial numbers in your asset register. Each morning, confirm the number on the physical terminal matches your record.
Terminal swaps — where the genuine terminal is removed and replaced with a compromised one overnight — are detected only through serial number checking.
4. Cable Check
Check all cables connecting the terminal — to the power supply, to the base unit, to the network. Look for:
- Any unfamiliar cables plugged into unused ports
- Splitter devices added to existing connections
- Cables that run in unexpected directions
5. Overall Appearance
Step back and look at the terminal as a whole. Does it look exactly as it did yesterday and last week? Any change in colour, shape, component presence, or material quality is worth investigating.
6. Functional Check
Process a low-value test transaction (e.g., a nil transaction or £1 staff purchase where allowed) and confirm the terminal responds normally — no unusual messages, no unexpected behaviour.
7. Area Around the Terminal
Check the immediate area around the terminal for:
- Any newly-attached objects (stickers, cameras disguised as merchandise, fixtures)
- Changes to how the terminal is mounted or displayed
- Any evidence that the counter area around the terminal has been disturbed
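The serial number comparison from step 3 can be run as a recorded daily reconciliation rather than a glance at a label. The script below is an added example, not part of the original guide; the register layout, terminal IDs, serial values and status names are assumptions constructed for illustration.

```python
import csv
import io

# Constructed asset register: IDs, serials and locations are invented samples.
ASSET_REGISTER_CSV = """terminal_id,serial,location
T1,VX-00123456,Front till
T2,VX-00123457,Bar
T3,VX-00123458,Kiosk
"""

# Serials read off the physical devices at opening (constructed sample).
OBSERVED = {
    "T1": " vx-00123456 ",  # matches once case and spacing are normalised
    "T2": "VX-00128457",    # one digit differs from the register
    "T9": "VX-00999999",    # device on the counter with no register entry
}                           # T3 was never recorded by opening staff


def normalise(serial):
    """Ignore case and whitespace so transcription style is not flagged."""
    return "".join(serial.split()).upper()


def load_register(text):
    """Map terminal_id -> normalised serial from the register CSV."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["terminal_id"]: normalise(r["serial"]) for r in rows}


def reconcile(register, observed):
    """Return terminal_id -> status for every registered or observed terminal."""
    status = {}
    for tid, expected in register.items():
        if tid not in observed:
            status[tid] = "NOT_CHECKED"   # inspection gap: go and look
        elif normalise(observed[tid]) == expected:
            status[tid] = "OK"
        else:
            status[tid] = "MISMATCH"      # possible swap: take offline, call acquirer
    for tid in observed.keys() - register.keys():
        status[tid] = "UNREGISTERED"      # unknown device: treat as suspect
    return status


if __name__ == "__main__":
    result = reconcile(load_register(ASSET_REGISTER_CSV), OBSERVED)
    for tid in sorted(result):
        print(tid, result[tid])
```

A MISMATCH or UNREGISTERED result is handled as suspected tampering; NOT_CHECKED means the inspection itself was incomplete.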
What to Do If You Find Suspected Tampering
- Do not process any more card transactions on that terminal — take it offline immediately
- Do not touch, clean, or power down the terminal — forensic evidence may be destroyed
- Do not handle the device further — if a separate overlay or device is visible, do not remove it
- Move customers to a different terminal or switch to cash-only temporarily
- Call your acquiring bank's fraud/compromise line immediately — they have a process for this
- Preserve CCTV footage — specifically from overnight and the period before you opened
- Document what you found — written description, time of discovery, photographs (of the area, not by touching the device)
- Call local law enforcement and file a report
- Wait for guidance from your acquirer before doing anything with the terminal
Do not post about the discovery on social media while the investigation is active.
Preventing Tampering: Physical Security Measures
Terminal mounting:
- Mount terminals in fixed positions where removal is obvious
- Use terminal mounting cradles with anti-theft locks where available
- Position terminals so staff have clear sightlines and customers cannot easily access the back of the unit
Access control:
- Lock your premises securely — after-hours terminal access should be physically prevented
- If your building has after-hours access (cleaning staff, deliveries), ensure no unsupervised access to the payment area
- Fit counter flaps or gates to separate customers from your payment area
Visitor policy:
- Never allow anyone to access your terminals without prior appointment
- Call your payment provider on their official number (not one given by the visitor) to verify any engineer's identity and work order
- Require identification and maintain a visitor log
- Do not leave a visitor unattended near terminals
Training Your Team
Every staff member who opens or closes should be able to:
- Perform the 7-point inspection
- Identify what "normal" looks like for your specific terminal model
- Know who to call and what to do if something looks wrong
- Understand that reporting a suspicion — even if it turns out to be nothing — is always the right action
Consider laminating a short inspection checklist and mounting it near the terminal as an opening reminder.
Frequently Asked Questions
Q: How often should I inspect my terminals?
A: At a minimum, before opening each day. High-traffic or high-risk environments (poor sightlines, frequent after-hours access, previous incidents) warrant additional checks during the day.
Q: My terminal was swapped — how would I know?
A: Serial number verification catches terminal swaps. If the number on the physical device does not match your asset register, the terminal may have been swapped. This is why maintaining an accurate asset register and checking it daily is essential.
Q: A customer reported a suspicious charge after visiting my store. What should I do?
A: Inspect all terminals immediately following the report. Contact your acquiring bank to report the complaint and initiate an investigation. Preserve any relevant CCTV footage. Do not wait for a second report.
Q: We had an engineer visit to "update" our terminals without advance notice. Should I be worried?
A: Possibly. Contact your payment provider on their official number to verify whether a scheduled visit occurred. If they have no record, report the visit as a potential social engineering attempt.