The 2016 Verizon Data Breach reported that Payment card skimmer frauds remain one of the most lucrative and easy to pull off crimes, and, that discovery of breaches was still at 99% from external sources.
How can you reduce the risk of skimmers in your store environments, reduce the time a skimmer is in place if one is installed, and train employees to monitor and identify them?
- Train your store managers and staff in how to identify skimmers, and how to monitor for skimmers.
- PCI DSS 3.2 control 9.9.2 requires that merchants: “Periodically inspect device surfaces to detect tampering (for example, addition of card skimmers to devices), or substitution (for example, by checking the serial number or other device characteristics to verify it has not been swapped with a fraudulent device).
Examples of signs that a device might have been tampered with or substituted include unexpected attachments or cables plugged into the device, missing or changed security labels, broken or differently colored casing, or changes to the serial number or other external markings.”
- Just to test the waters, ask a cashier if they know the serial number of their point of sale devices. If a cashier was checking them daily they would at least know a portion of the number.
The following article, from the Payment Card Industry Council, provides best practices for skimming prevention (be sure not to miss the last page check list):
- Once you’ve trained your staff, implement a procedure and check to be sure the procedure is being followed regularly. Certainly your staff has a lot of work to do, but quick checks between busy times can save the business’ reputation, boost consumer confidence, and sales.
Call Omega for more information on preparing your team, protecting your stores, and staying compliant. 636-557-7777 or email firstname.lastname@example.org.