Visa Security Alert Threat Landscape: Pin Pad/POS Skimming

June 3, 2016

Incident Details

Visa Global Payment System Risk is aware of increasing incidents involving suspects placing skimming devices on point-of-sale (POS) terminals for the purpose of collecting payment card information, including PIN numbers. Perpetrators use this information to create counterfeit cards re-encoded with the stolen card information and make unauthorized ATM withdrawals. The primary targets for these recent skimming events are self-checkout terminals in supermarkets. However, any POS terminal may be at risk, including those that are often unattended, such as terminals near deli counters, coffee stands, etc. The perpetrators are mobile and will target multiple stores within a geographic area for a period of time before moving on to a new location. Most entities targeted are using payment devices that have not yet been upgraded to accept EMV cards.

Placement of Skimming Devices

Skimming devices can be placed at any time of the day but placement usually occurs during slower times of business when the perpetrators can go undetected by employees or other customers. The perpetrators will usually work in teams of two or more with one person being a lookout, one person placing the skimming device on the POS terminal and another creating a barrier so that no one can observe the skimming device being placed. Perpetrators have been known to use large items such as packs of paper towels to block the view of POS terminals. In some instances, it was reported that the suspects created a distraction in the store by faking a medical incident or causing commotion that distracted the attention of store personnel away from the POS terminals. The skimming devices will mimic the look of the front of the POS terminal.

Recommended Inspection & Response Actions

1. Prevention Through Device Inventory Management

  • In accordance with PCI DSS Requirement 9.9, ensure implementation of security controls to protect POS devices from tampering and substitution. Examples include:
      • Maintain a list of devices including the device serial number or other method of unique identification.
      • Keep a list of device location either by store or physical location within the store itself (i.e., self-checkout, deli counter, manned checkout).
      • Train personnel to be aware of suspicious behavior and to report tampering or substitution of devices.
      • Verify the identity of any third-party persons claiming to be repair or maintenance personnel, prior to granting them access to modify or troubleshoot devices.

2. Physical Inspection of POS Devices

  • Implement security procedures to inspect POS devices at least twice each day and at random times.
  • Physically examine the device. Skimming devices are typically attached with minimal adhesive, allowing them to be placed and removed with ease, so devices may be detected by giving the front of the POS/PED a good grab-and-pull. Weighing the devices may also identify tampering.
  • Please note some skimming devices are Bluetooth enabled and data can be captured without the device needing to be recovered.
  • When inspecting devices, use backup security personnel to monitor from a distance as suspects may watch compromised terminals and suspects are trained in counter surveillance to avoid detection/arrest.
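
The device inventory from section 1 and the inspection routine from section 2 can be cross-checked against each other. The following Python code is an added example, not part of the Visa alert; the record fields, the 5-gram weight tolerance and every serial number, weight and timestamp in it are assumptions constructed for illustration.

```python
from collections import Counter, namedtuple
from datetime import date, datetime

# Inventory row and inspection record (field names are assumptions).
Device = namedtuple("Device", "serial location baseline_grams")
Inspection = namedtuple("Inspection", "location serial_seen weight_grams when")

WEIGHT_TOLERANCE_GRAMS = 5.0  # assumed threshold; calibrate per terminal model
MIN_INSPECTIONS_PER_DAY = 2   # the alert asks for at least twice each day

def review(inventory, inspections, day):
    """Return sorted (location, finding) pairs for one calendar day."""
    by_location = {d.location: d for d in inventory}
    counts, findings = Counter(), set()
    for rec in inspections:
        if rec.when.date() != day:
            continue
        dev = by_location.get(rec.location)
        if dev is None:
            findings.add((rec.location, "location not in inventory"))
            continue
        counts[rec.location] += 1
        if rec.serial_seen != dev.serial:
            findings.add((rec.location, "serial mismatch: possible substitution"))
        elif abs(rec.weight_grams - dev.baseline_grams) > WEIGHT_TOLERANCE_GRAMS:
            findings.add((rec.location, "weight deviation: possible overlay"))
    for loc in by_location:
        if counts[loc] < MIN_INSPECTIONS_PER_DAY:
            findings.add((loc, f"only {counts[loc]} inspection(s) recorded"))
    return sorted(findings)

# Constructed sample data: serials, weights and times are made up.
DAY = date(2016, 6, 3)
INVENTORY = [
    Device("SN-1001", "self-checkout-1", 412.0),
    Device("SN-1002", "deli-counter", 410.0),
    Device("SN-1003", "manned-checkout-1", 411.0),
]
INSPECTIONS = [
    Inspection("self-checkout-1", "SN-1001", 412.5, datetime(2016, 6, 3, 9, 10)),
    Inspection("self-checkout-1", "SN-1001", 431.0, datetime(2016, 6, 3, 15, 40)),
    Inspection("deli-counter", "SN-9999", 410.0, datetime(2016, 6, 3, 9, 20)),
    Inspection("deli-counter", "SN-9999", 410.0, datetime(2016, 6, 3, 16, 5)),
    Inspection("manned-checkout-1", "SN-1003", 411.2, datetime(2016, 6, 3, 11, 0)),
]

if __name__ == "__main__":
    for location, finding in review(INVENTORY, INSPECTIONS, DAY):
        print(f"{location}: {finding}")
```

Any finding is a prompt for a physical check and, if a device is found, for the recovery steps in section 3.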

3. Device Recovery Response

  • If a skimming device is discovered on a POS terminal, do not handle it, as evidence may be damaged.
  • Notify local law enforcement and the FBI or USSS office so they can recover the skimming device.
  • Protect any video surveillance that may be used to identify any perpetrators and confirm timing of when the device was placed on the POS terminal.
  • Initiate incident response procedures and notify your Acquirer so that Visa can assist with the investigation.

 

Information from VISA April 2016

For other questions, please contact Cyber Intelligence & Investigations via email at USFraudControl@visa.com

Additional Resources:

What To Do If Compromised


EDI Manager now available with your backOffice™ Software

August 28, 2013


WANT TO SAVE SOME SERIOUS TIME?

Insight Retail Software  is proud to announce the release of EDI Manager.  Almost every vendor can supply you with an electronic invoice of your order, and our new EDI Manager allows you to import these invoices directly into backOffice™.

Once imported, backOffice™ will identify new products received in the order, any price or cost changes and the quantity shipped of each item.  With the click of a button, new items are added, price and cost changes are made, and an order is created in the inventory module!

Just another way to run your business more effectively and save you time.

For more information please complete the form below.  Thank you!


It’s Summer ~

May 30, 2012


Google Drive Released Today

April 24, 2012

For those of you with multiple stores or the store owner that works from home and wants to instantly share a document, I think Google Drive is a good [and free] tool for your business.  Check out this video for more information.  Google Drive also offers “cloud type” storage that will easily store a copy of your backOffice™ data file.


CSNews’ Top 10 Predictions for 2012

January 25, 2012

I really like the first one on the list!  If you are adding a C-Store location or simply want to make your existing store more profitable, backOffice™ Software from Insight Retail Software is a great tool for you.  Our powerful software with affordable price levels is a perfect fit for the single store or chain of stores.

JERSEY CITY, N.J. — Legislative battles and a still-struggling economy marked a year of ups and downs for the convenience store industry in 2011. Now, with the new year upon us, the editors at Convenience Store News offer their top 10 predictions for the industry in 2012.

1. More buying and building of stores. 2011 saw a rush of both acquisition activity and new builds in the industry. Expect that to continue. The industry is still highly fragmented and many retailers have stated their intentions to grow and then grow some more

Continue reading the article  http://www.csnews.com/top-story-csnews__top_10_predictions_for_2012-60200.html


It’s OCTOBER!

September 30, 2011

 

 

Using the Mix and Match feature in backOffice™ your store can quickly and easily maximize your profits!  Review your prior year promotions and strategies – What worked?  What failed?  Why?  What were your busiest days?  backOffice™ can help you to answer all of these questions.

If you are NOT a backOffice™ customer – call us today.  backOffice™ can provide you the tools to start these promotions for the 2011 holiday season AND start to gather this important sales data for next year!

C-Stores, Retail Stores and Gift Shops using Gas Pump Controllers or ECRs all have the same goal: sell – sell – sell!


Timing is Everything – Promote OCTOBER!

October 13, 2010

It’s not too late to take advantage of October Promotions.

 

Using the Mix and Match feature in backOffice™ your store can quickly and easily maximize your profits!  Review your prior year promotions and strategies – What worked?  What failed?  Why?  What were your busiest days?  backOffice™ can help you to answer all of these questions.

If you are NOT a backOffice™ customer – call us today.  backOffice™ can provide you the tools to start these promotions for the 2010 holiday season AND start to gather this important sales data for next year!

