| The fraudsters are getting even more active these | | | | sophisticated crooks. However, security measures |
| days than before. They're out to steal credit card | | | | have stepped up dramatically in those places so the |
| numbers in any way they can and they're not just | | | | cons are looking for easier targets. Smaller merchants |
| after the processors and major retailers any longer. | | | | are particularly vulnerable to skimming attacks. |
| The term often referred to is "skimming" which is | | | | Mom-and-pop operations are busy with the day to day |
| defined as the "unauthorized capture and transfer of | | | | running of their businesses and might overlook signs |
| payment data to another source for fraudulent | | | | that their terminals, or elsewhere in their business, have |
| purchases". According to ADT Security Services Inc., | | | | been compromised. |
| skimming nets fraudsters approximately $350,000 daily | | | | The security standards council has prepared a FREE |
| in the United States. And payment consultancy Celent | | | | 25 page supplement for merchants that provides |
| LLC estimates skimming drains the global economy of | | | | photographs of how merchants can detect evidence |
| $1.2 billion annually. So, you can see why the bad guys | | | | of tampering. The report also recommends that |
| are actively searching for any opportunity or target | | | | merchants routinely inspect their businesses from the |
| that they can. | | | | POS to the point where the cables leave the building. |
| Skimming can be accomplished by stealing the data | | | | There are also pictures available to show merchants |
| directly off of payment cards or by infiltrating payment | | | | what actual tampering devices look like. For example, a |
| networks via POS terminals, terminal locations, wires, | | | | key logger attached to an electronic cash register, for |
| communication channels, switches and so forth. One | | | | example can be smaller than a quarter and can easily |
| of the most common types of attack occur directly at | | | | be mistaken as part of the register. |
| the Point of Sale terminal and usually takes place with | | | | Another suggestion is for merchants to limit the |
| the merchants own personnel. Staff and outside | | | | access to payment locations that customers and |
| contractors are "targets" of fraudsters, either through | | | | vendors have. These tampering devices can be |
| "bribery or coercion," The people that fall for this | | | | quickly placed virtually anywhere in the system path. |
| "temptation" are people who have both criminal intent | | | | Installing surveillance cameras would also be a good |
| and they have direct access to the customers credit | | | | idea and worthwhile investment. Times are tough |
| card and aren't really observed or monitored much at | | | | these days and the fraudsters, either through bribery |
| the time of payment. | | | | or coercion target staff and outside contractors to |
| One specific industry is particularly prone to this | | | | assist them in their endeavors. |
| situation and that would be in restaurants. Typically, the | | | | The FREE report has helpful tips to help merchants |
| wait staff disappears with the diners' credit cards and | | | | quantify their risk levels. There are more than two |
| can skim the card numbers in private or simply write | | | | dozen questions posed to merchants that are |
| down the appropriate information for later sale to the | | | | designed to evaluate whether they could be classified |
| bad guys. If you happen to be in the restaurant | | | | as low, medium or high risk to skimming attacks. |
| business, you may want to seriously consider obtaining | | | | The second appendix is basically a checklist that |
| a few wireless terminals that can be taken directly to | | | | allows merchants to document the details of their POS |
| the customers table. Not only will this protect you but | | | | terminals and systems. "Take a picture of your |
| your customers will feel more at ease as well. And, a | | | | device," Russo said. "What's the serial number? |
| side benefit to this would be that now you will be able | | | | Where's it located? Where is the label? Is the label on |
| to capture pinned debit transactions and the resulting | | | | the right side or the left side? So that when periodically |
| savings that go along with it. | | | | somebody goes around and looks at these things to |
| You may have read in the news not long ago about | | | | check them, they check them against this list to see if |
| huge data breaches at a couple major retailers as well | | | | there's anything that looks different from what they |
| as some of the largest payment processors in the | | | | had before. |
| business. Even they weren't immune to these | | | | |