The latest fraud to hit card processing is known as ‘skimming’. If you are a merchant who uses card processing machines you should be aware of ways in which the security of your systems and you customers’ details could be compromised. Use our checklist to help deter and protect your business from card fraudsters. Whilst the chances of becoming a victim of card fraud today are low (fraudulent transactions make up 0.12% off all transactions, by value*), the reality is that it is a distressing event for the individual affected – and the merchant who is potentially implicated, even when they are innocent of any wrongdoing. Whilst the card payment industry invests in controls and resources to ensure that their Point of Sale (POS) and Pin Entry Device (PED) products meet the industry standards, devices continue to be regularly targeted by waves of fraudsters. Many fraudsters have up-to-date technological knowledge and are attracted by the potential of making money by selling on illegally obtained card details, which are then used to create fraudulent cards. Most of these details are sold on to be used in countries that do not yet have Chip and PIN facilities*. Skimming occurs where the theft of the card details takes place during a genuine transaction. This typically happens at cash points, especially in busy areas such as train stations or garages, where fraudsters put small cameras above the PIN keypad and a card skimmer over the real card slot. The skimmer then records all the data held on the card’s magnetic strip while the camera records the card owner’s PIN. However, skimming can also take place in the public retail sector. In almost all cases this is down to a dishonest employee rather than the merchant. Skimming can be completed here by something as simple as photocopying a receipt or by more advanced methods which involve electronic skimmers being added to legitimate terminals, or hidden under counters. The details obtained through these methods may then be used to create counterfeit cards. In 2007, counterfeit card fraud increased by 46% to £144.3 million*. Unfortunately, the person that suffers the most in this scenario is the customer. However, any bad experience with card fraud by way of your business could reflect badly on your reputation. As a merchant, you should recognise the responsibility you have for the safety of the customer’s card details. Security checklist Terminals Record the make, model, serial number and security label of all your POS terminals. Ensure that none of your terminals labels look like they have been tampered with. Record the location of each terminal in store. If your outlet uses wireless POS terminals, check at the end of each shift to ensure all terminals are present. Connections For PIN pads and POS PED devices connected to an electronic cash register, or separate host system, note how each terminal is connected to the device and how many connections are used. Depending on how your outlet transmits data to another location, check the connection system (telephone port and network connector) for signs of tampering. Also be aware of incoming calls from people claiming to be from HSBC Merchant Services, network or telecommunications companies, Master Card, Visa or the police. Surrounding area Note the area around the PED to see what display items are placed near the PED (these could be used to house cameras). Look at the ceiling above the PED (especially if this is a false ceiling). Is the tile clean, does it look as though it has been disturbed? Check the area underneath the sales desk to see if there is any new electronic equipment that has suddenly appeared without reason. Print the checklist off and, once you have ensured that your systems operate to best practice – and all your staff understand why best practice is crucial – keep it as an aide memoire in staff rooms, briefing manuals, and near sales desks. For more information on how to prevent fraudulent use of credit cards, debit cards, cheque guarantee cards and charge cards, visit www.cardwatch.org.uk. * APACS 2009 -Card Fraud Facts and Figures About the author This article was written by Ian Wright, HSBC Merchant Services’ Card Fraud expert. HSBC Merchant Services LLP is a wholly-owned subsidiary of the world’s 6th largest payments processing company, Global Payments Inc. The FPB and HSBC Merchant Services are working together to offer members comprehensive and competitively priced card processing solutions. Benefits include : Preferential card processing charges No set up fee Free authorisation calls via your terminal No refund fee Free – three months terminal rental for new HSBC Merchant Services card processing customers
The latest fraud to hit card processing is known as ‘skimming’. If you are a merchant who uses card processing machines you should be aware of ways in which the security of your systems and you customers’ details could be compromised. Use our checklist to help deter and protect yourself from card fraudsters.