WELCOME AND THANKS FOR COMING BY

The subject of credit card processing is not one of the favorites of any merchant. Each month, when they receive their statement in the mail, they cringe at the fees they've had to pay for this "privilege" of accepting credit cards for payment. This blog is meant to provide a more thorough understanding of how the industry works, what makes up the fees that you are paying and how you can improve on them. So, come by often or, better yet, subscribe to the RSS feed below and you'll be notified any time there is an update.

Wednesday, October 13, 2010

Combat Skimming of Credit Cars at Your Business

The fraudsters are getting even more active these days than before. They're out to steal credit card numbers in any way they can and they're not just after the processors and major retailers any longer. The term often referred to is "skimming" which is defined as the "unauthorized capture and transfer of payment data to another source for fraudulent purchases". According to ADT Security Services Inc., skimming nets fraudsters approximately $350,000 daily in the United States. And payment consultancy Celent LLC estimates skimming drains the global economy of $1.2 billion annually. So, you can see why the bad guys are actively searching for any opportunity or target that they can.

Skimming can be accomplished by stealing the data directly off of payment cards or by infiltrating payment networks via POS terminals, terminal locations, wires, communication channels, switches and so forth. One of the most common types of attack occur directly at the Point of Sale terminal and usually takes place with the merchants own personnel. Staff and outside contractors are "targets" of fraudsters, either through "bribery or coercion," The people that fall for this "temptation" are people who have both criminal intent and they have direct access to the customers credit card and aren't really observed or monitored much at the time of payment.

One specific industry is particularly prone to this situation and that would be in restaurants. Typically, the wait staff disappears with the diners' credit cards and can skim the card numbers in private or simply write down the appropriate information for later sale to the bad guys. If you happen to be in the restaurant business, you may want to seriously consider obtaining a few wireless terminals that can be taken directly to the customers table. Not only will this protect you but your customers will feel more at ease as well. And, a side benefit to this would be that now you will be able to capture pinned debit transactions and the resulting savings that go along with it.

You may have read in the news not long ago about huge data breaches at a couple major retailers as well as some of the largest payment processors in the business. Even they weren't immune to these sophisticated crooks. However, security measures have stepped up dramatically in those places so the cons are looking for easier targets. Smaller merchants are particularly vulnerable to skimming attacks. Mom-and-pop operations are busy with the day to day running of their businesses and might overlook signs that their terminals, or elsewhere in their business, have been compromised.

The security standards council has prepared a FREE 25 page supplement for merchants that provides photographs of how merchants can detect evidence of tampering. The report also recommends that merchants routinely inspect their businesses from the POS to the point where the cables leave the building. There are also pictures available to show merchants what actual tampering devices look like. For example, a key logger attached to an electronic cash register, for example can be smaller than a quarter and can easily be mistaken as part of the register.

Another suggestion is for merchants to limit the access to payment locations that customers and vendors have. These tampering devices can be quickly placed virtually anywhere in the system path. Installing surveillance cameras would also be a good idea and worthwhile investment. Times are tough these days and the fraudsters, either through bribery or coercion target staff and outside contractors to assist them in their endeavors.

The FREE report has helpful tips to help merchants quantify their risk levels. There are more than two dozen questions posed to merchants that are designed to evaluate whether they could be classified as low, medium or high risk to skimming attacks.

The second appendix is basically a checklist that allows merchants to document the details of their POS terminals and systems. "Take a picture of your device," Russo said. "What's the serial number? Where's it located? Where is the label? Is the label on the right side or the left side? So that when periodically somebody goes around and looks at these things to check them, they check them against this list to see if there's anything that looks different from what they had before."
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)