Pci Security Compliance Best Practices To Deter Skimmers
As a merchant it is imperative to follow PCI security compliance best practices for avoiding the threat of skimmers to your business as it is one of the three most common fraud types the payment industry encounters. We previously featured an overview of skimmers and how to avoid having your credit card information stolen, but it is also crucial as a merchant to protect your business from this form of theft. You may not believe you are at risk, but many criminals have:
Stolen terminals from cash lanes and desks not in use,
Broken into a store and taken only the terminals,
Broken into a store and compromised the terminals,
Hidden themselves in the store until it closed and compromised the terminals overnight, leaving when the store re-opened, or
Swapped a good terminal for a compromised terminal, using large items to block attendants line of sight.
Retail merchant accounts are the first line of defense because skimming gear is always deployed at the merchants point of sale or network. Remember, skimmers may be installed by highly organized criminals in some instances, but threats may also come from relatively unsophisticated thieves using readily available, simple technology to steal cardholder data.
For the merchant, recent attacks in the headlines have led to the realization that a single fraud incident can put merchants out of business or, at the very least, significantly impact their brand and the trust people have in them. Consumers are becoming more aware of which merchants protect their information and which ones do not and are taking their business elsewhere and modifying their choice of payment type accordingly.
Listed below are some of the best practices for avoiding skimming threats:
Beware of unattended or temporarily unmanned terminals.
As part of regular checks, note the serial number on the back of the terminal and check it against the electronic serial number. Also, run your finger along the label to check that its not hiding any type of compromise.
Secure all terminals to the physical structure of the payment location when possible; however, do not drill directly into the terminal as that may cause it to stop working.
Consider cable locks: Some terminals have slots so that you can attach a cable lock (as used to secure laptop computers) to the terminal. This can then be threaded through the cable connecting the terminal to the cash register and then secure to prevent both the terminal and the cable from being compromised. This is strongly recommended as a best practice. To insert a skimming device, it is often necessary to remove the terminal from its location, or swap the existing terminal for another compromised terminal.
Be cautious of unannounced service visits; if its not Tim or Glenn, ITS NOT RETRIEVER!
Stolen terminals from cash lanes and desks not in use,
Broken into a store and taken only the terminals,
Broken into a store and compromised the terminals,
Hidden themselves in the store until it closed and compromised the terminals overnight, leaving when the store re-opened, or
Swapped a good terminal for a compromised terminal, using large items to block attendants line of sight.
Retail merchant accounts are the first line of defense because skimming gear is always deployed at the merchants point of sale or network. Remember, skimmers may be installed by highly organized criminals in some instances, but threats may also come from relatively unsophisticated thieves using readily available, simple technology to steal cardholder data.
For the merchant, recent attacks in the headlines have led to the realization that a single fraud incident can put merchants out of business or, at the very least, significantly impact their brand and the trust people have in them. Consumers are becoming more aware of which merchants protect their information and which ones do not and are taking their business elsewhere and modifying their choice of payment type accordingly.
Listed below are some of the best practices for avoiding skimming threats:
Beware of unattended or temporarily unmanned terminals.
As part of regular checks, note the serial number on the back of the terminal and check it against the electronic serial number. Also, run your finger along the label to check that its not hiding any type of compromise.
Secure all terminals to the physical structure of the payment location when possible; however, do not drill directly into the terminal as that may cause it to stop working.
Consider cable locks: Some terminals have slots so that you can attach a cable lock (as used to secure laptop computers) to the terminal. This can then be threaded through the cable connecting the terminal to the cash register and then secure to prevent both the terminal and the cable from being compromised. This is strongly recommended as a best practice. To insert a skimming device, it is often necessary to remove the terminal from its location, or swap the existing terminal for another compromised terminal.
Be cautious of unannounced service visits; if its not Tim or Glenn, ITS NOT RETRIEVER!