Visa Security Alert Threat Landscape: Pin Pad/POS Skimming

June 3, 2016

Incident Details

Visa Global Payment System Risk is aware of increasing incidents involving suspects placing skimming devices on point-of–sale (POS) terminals for the purpose of collecting payment card information, including PIN numbers. Perpetrators use this information to create counterfeit cards re-encoded with the stolen card information and make unauthorized ATM withdrawals. The primary targets for these recent skimming events are self-checkout terminals in supermarkets. However, any POS terminal may be at risk, including those that are often unattended, such as terminals near deli counters, coffee stands, etc. The perpetrators are mobile and will target multiple stores within a geographic area for a period of time before moving on to a new location. Most entities targeted are using payment devices that have not yet been upgraded to accept EMV cards.

Placement of Skimming Devices

Skimming devices can be placed at any time of the day but placement usually occurs during slower times of business when the perpetrators can go undetected by employees or other customers. The perpetrators will usually work in teams of two or more with one person being a lookout, one person placing the skimming device on the POS terminal and another creating a barrier so that no one can observe the skimming device being placed. Perpetrators have been known to use large items such as packs of paper towels to block the view of POS terminals. In some instances, it was reported that the suspects created a distraction in the store by faking a medical incident or causing commotion that distracted the attention of store personnel away from the POS terminals. The skimming devices will mimic the look of the front of the POS terminal.

Recommended Inspection & Response Actions

1. Prevention Through Device Inventory Management

  • In accordance with PCI DSS Requirement 9.9, ensure implementation of security controls to protect POS devices from tampering and substitution. Examples include:

Maintain a list of devices including the device serial number or other method of unique identification. 

Keep a list of device location either by store or physical location within the store itself (i.e., self-checkout, deli counter, manned checkout). 

Train personnel to be aware of suspicious behavior and to report tampering or substitution of devices.

 Verify the identity of any third-party persons claiming to be repair or maintenance personnel, prior to granting them access to modify or troubleshoot devices.  

2. Physical Inspection of POS Devices

  • Implement security procedures to inspect POS devices at least twice each day and at random times.
  • Physically examine the device. Skimming devices are typically attached with minimal adhesive allowing them to be place and removed with ease, so devices may be detected by giving the front of the POS/PED a good grab-and-pull. Weighing the devices may also identify tampering.
  • Please note some skimming devices are Bluetooth enabled and data can be captured without the device needing to be recovered.
  • When inspecting devices, use backup security personnel to monitor from a distance as suspects may watch compromised terminals and suspects are trained in counter surveillance to avoid detection/arrest.

3. Device Recovery Response

  • If a skimming device is discovered on a POS terminal, do not handle it, as evidence may be damaged.
  • Notify local law enforcement and the FBI or USSS office so they can recover the skimming device.
  • Protect any video surveillance that may be used to identify any perpetrators and confirm timing of when the device was placed on the POS terminal.
  • Initiate incident response procedures and notify your Acquirer so that Visa can assist with the investigation.

 

Information from VISA April 2016

For other questions, please contact Cyber Intelligence & Investigations via email at USFraudControl@visa.com

Additional Resources:

What To Do If Compromised

insightRS_blkblu

 

Advertisements

Support for older versions of Internet Explorer Ended

May 31, 2016

What is end of support?

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10.

Internet Explorer 11 offers improved security, increased performance, better backward compatibility, and support for the web standards that power today’s websites and services. Microsoft encourages customers to upgrade and stay up-to-date on the latest browser for a faster, more secure browsing experience.

What does this mean?

It means you should take action. After January 12, 2016, Microsoft will no longer provide security updates or technical support for older versions of Internet Explorer. Security updates patch vulnerabilities that may be exploited by malware, helping to keep users and their data safer. Regular security updates help protect computers from malicious attacks, so upgrading and staying current is important.


Potential risk of using older versions of Internet Explorer:

Security

Without critical browser security updates, your PC may become vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage your business data and information.

Compliance

Businesses that are governed by regulatory obligations such as HIPAA should conduct due diligence to assess whether they are still able to satisfy compliance requirements using unsupported software.

Lack of ISV Support

Many Independent Software Vendors(ISVs) no longer support older versions of Internet Explorer. For example, Office 365 takes advantage of modern web standards and runs best with the latest browser.

Click here to read more

 


Independent Grocers Taking Aim at C-stores

March 4, 2016

NGA Show session highlights how three grocers are going after convenience.

Insight Bullseye #doBetter.jpg

March 1, 2016, 03:07 pm By Joan Driggs, Stagnito Business Information

LAS VEGAS — Independent grocers have convenience stores on their radar.

An educational session at this week’s The 2016 NGA Show, hosted by the National Grocers Association (NGA), discussed the need for independent grocers to compete against convenience stores and provided some key takeaways on how to successfully do so.

Panelists representing leading independent grocers such as Niemann Foods, Buche Foods and Docs Food Stores pointed out that convenience stores are continually upping their food retailing game with more grab-and-go and fresh prepared items. Independent grocers need to stay competitive to remain the go-to destination for shoppers, whether they’re on a weekly fill-up trip or a quick stop on their way from work.

Nine-store chain Docs Food Stores, based in Bixby, Okla., has moved many convenience items to the front of its stores, including beverages and quick meals, according to speaker Courtney Brown, vice president and chief operating officer. The chain also added an express register to help customers make a quick purchase, he shared.

Additionally, Docs takes advantage of low-priced meal deals from its hot bar and utilizes outdoor seasonal displays — such as a farm-stand truck — to communicate that its stores have more to offer than traditional convenience stores.

Brown stressed that having enough staffing is critical because customers don’t want to wait in line ever, but especially when they’re on a quick trip, it could be a deal breaker.

RF Buche, president of Buche Foods, a South Dakota chain of grocery and convenience stores (some of which offer fuel) told NGA Show attendees that rethinking your basic grocery retail strategies is key to success. Appealing to convenience shoppers means putting yourself in their shoes — not just in terms of what assortment might appeal, but also the experience.

Clean bathrooms are not to be underestimated, he noted. Buche Foods brags that it cleans its restrooms seven times a day. The company has even hosted manager bathroom-decorating contests.

Niemann Foods, based in Quincy, Ill., has about 100 stores under its umbrella, including grocery, convenience, hardware and pet stores. Rich Niemann III, director of convenience operations, discussed the company’s recent evolution in its convenience business.

The company underwent an evaluation about five years ago to determine the best place to invest and reinvent. The result is Harvest Market, two convenience stores with a focus on fresh prepared foods.

Harvest Market features sandwiches, soups and other fresh items prepared daily; hot and cold fountain beverages; and self-serve Sweet Berry frozen yogurt and toppings.

Like Buche Foods, Harvest Market makes use of its fuel operations to drive customers into the store. “Consider that 60-70 percent of fuel customers might not go inside,” Niemann said.

The company makes use of extensive advertising at the fuel pumps to promote meal deals and other items that are typically not available at convenience stores. “Fresh really sets the tone,” he said, and helps the company bounce its convenience shoppers to grocery shoppers.

The 2016 NGA Show is taking place Feb. 28 through March 2 at Las Vegas’ Mirage Hotel & Casino. The annual event brings together independent retailers and wholesalers, food retail industry executives, food/consumer packaged goods manufacturers, and service providers for opportunities to learn, engage, share, network and innovate.

The National Grocers Association is the only industry association devoted exclusively to the needs of independent grocers.

By Joan Driggs, Stagnito Business Information
  • About Joan DriggsJoan Driggs is Editorial Director of Progressive Grocer and Progressive Grocer Independent. She has more than 25 years of experience in trade journalism and market research. Joan enjoys connecting with CPG manufacturers and grocery retailers, and learning how they connect for the benefit of consumers. Her roots are in new product development and she continues to seek out the latest in greatest at grocery retail. To connect with Joan, email jdriggs@stagnitomail.com, or reach out on Twitter, @JoanPGrocer.

– See more at: http://www.csnews.com/industry-news-and-trends/competitive-watch/independent-grocers-taking-aim-c-stores?cc=3#sthash.QglNprIZ.9oqakXrR.dpuf


Do Better with backOffice™ Software from Insight Retail Software

January 28, 2013

A new customer to Insight reported that backOffice™ just saved him $280 because as he was adding in a purchase order from Lay’s he realized they were not giving him the items at the agreed upon sale price so he was actually selling the items below his cost.

Want your business to DO BETTER? Visit http://insightrs.com for more information and give us a call at 518.633.4111

backOffice Logo


The Worth Data 7000 Series

January 26, 2013

The 7000 Series RF Terminal System is our top of the line wireless RF terminal with a industry leading 3 mile RF range! Our tests show no damage after multiple 5 foot drops to concrete. The Worth Data 7000 Series RF Terminals are the lowest cost, easy-to-use, radio frequency interactive terminals available on the market today.

Standard Features:

  •   Extended Range Radio – 3.3 Miles, works in coolers
  •   Built in Li-Ion Battery(s)
  •   15 Line Color TFT LCD Display
  •   Very Small & Lightweight
  •   Sealed Keypad design to prevent contamination from entering unit
  •   Special Coated Keys for long life
  •   70 Durometer Silicone Rubber Shock Bumper
  •   Built-In I/O Connector Cover
  •   Long Life Single Power & Data I/O Connector
  •   Battery Door and/or Handle are Mechanically Screwed Down
  •   Rugged Replaceable Antenna
Worth Data 7000 handheld 7000 series

Worth Data 7000 handheld 7000 series

worth7000_front_small worth7000_kit

For more information visit our website:  http://insightrs.com/worth7000


backOffice™ V3 Released!

September 18, 2012

Take a sneak peek at backOffice™ V3

This 3-Part Series of Demonstration Videos provides a nice overview of backOffice™ Features. 

Part 1

Part 2

Part 3


Welcome to SPRING!

March 21, 2012

backOffice™ Software is the perfect Spring Fit for your Verifone Ruby, Gilbarco Passport or ECR!


%d bloggers like this: