Visa Security Alert Threat Landscape: Pin Pad/POS Skimming

June 3, 2016

Incident Details

Visa Global Payment System Risk is aware of increasing incidents involving suspects placing skimming devices on point-of–sale (POS) terminals for the purpose of collecting payment card information, including PIN numbers. Perpetrators use this information to create counterfeit cards re-encoded with the stolen card information and make unauthorized ATM withdrawals. The primary targets for these recent skimming events are self-checkout terminals in supermarkets. However, any POS terminal may be at risk, including those that are often unattended, such as terminals near deli counters, coffee stands, etc. The perpetrators are mobile and will target multiple stores within a geographic area for a period of time before moving on to a new location. Most entities targeted are using payment devices that have not yet been upgraded to accept EMV cards.

Placement of Skimming Devices

Skimming devices can be placed at any time of the day but placement usually occurs during slower times of business when the perpetrators can go undetected by employees or other customers. The perpetrators will usually work in teams of two or more with one person being a lookout, one person placing the skimming device on the POS terminal and another creating a barrier so that no one can observe the skimming device being placed. Perpetrators have been known to use large items such as packs of paper towels to block the view of POS terminals. In some instances, it was reported that the suspects created a distraction in the store by faking a medical incident or causing commotion that distracted the attention of store personnel away from the POS terminals. The skimming devices will mimic the look of the front of the POS terminal.

Recommended Inspection & Response Actions

1. Prevention Through Device Inventory Management

  • In accordance with PCI DSS Requirement 9.9, ensure implementation of security controls to protect POS devices from tampering and substitution. Examples include:

Maintain a list of devices including the device serial number or other method of unique identification. 

Keep a list of device location either by store or physical location within the store itself (i.e., self-checkout, deli counter, manned checkout). 

Train personnel to be aware of suspicious behavior and to report tampering or substitution of devices.

 Verify the identity of any third-party persons claiming to be repair or maintenance personnel, prior to granting them access to modify or troubleshoot devices.  

2. Physical Inspection of POS Devices

  • Implement security procedures to inspect POS devices at least twice each day and at random times.
  • Physically examine the device. Skimming devices are typically attached with minimal adhesive allowing them to be place and removed with ease, so devices may be detected by giving the front of the POS/PED a good grab-and-pull. Weighing the devices may also identify tampering.
  • Please note some skimming devices are Bluetooth enabled and data can be captured without the device needing to be recovered.
  • When inspecting devices, use backup security personnel to monitor from a distance as suspects may watch compromised terminals and suspects are trained in counter surveillance to avoid detection/arrest.

3. Device Recovery Response

  • If a skimming device is discovered on a POS terminal, do not handle it, as evidence may be damaged.
  • Notify local law enforcement and the FBI or USSS office so they can recover the skimming device.
  • Protect any video surveillance that may be used to identify any perpetrators and confirm timing of when the device was placed on the POS terminal.
  • Initiate incident response procedures and notify your Acquirer so that Visa can assist with the investigation.

 

Information from VISA April 2016

For other questions, please contact Cyber Intelligence & Investigations via email at USFraudControl@visa.com

Additional Resources:

What To Do If Compromised

insightRS_blkblu

 

Advertisements

Support for older versions of Internet Explorer Ended

May 31, 2016

What is end of support?

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10.

Internet Explorer 11 offers improved security, increased performance, better backward compatibility, and support for the web standards that power today’s websites and services. Microsoft encourages customers to upgrade and stay up-to-date on the latest browser for a faster, more secure browsing experience.

What does this mean?

It means you should take action. After January 12, 2016, Microsoft will no longer provide security updates or technical support for older versions of Internet Explorer. Security updates patch vulnerabilities that may be exploited by malware, helping to keep users and their data safer. Regular security updates help protect computers from malicious attacks, so upgrading and staying current is important.


Potential risk of using older versions of Internet Explorer:

Security

Without critical browser security updates, your PC may become vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage your business data and information.

Compliance

Businesses that are governed by regulatory obligations such as HIPAA should conduct due diligence to assess whether they are still able to satisfy compliance requirements using unsupported software.

Lack of ISV Support

Many Independent Software Vendors(ISVs) no longer support older versions of Internet Explorer. For example, Office 365 takes advantage of modern web standards and runs best with the latest browser.

Click here to read more

 


BACKUP YOUR DATA!

March 30, 2016

 

spring-clipart

That means spring forward

change the batteries on the smoke detectors

and

   —   BACKUP YOUR DATA   —

Backing up your data is like flossing your teeth.

You don’t have to floss them all

 just the ones you want to keep.

backup-backup


Ever Heard of Advocacy Cards?

February 26, 2016

You haven’t, because they don’t yet exist. Read on to find out if the concept is something you should consider for your operation.

Advocacy cards. They don’t have quite the same ring as loyalty cards do, but maybe get used to the idea?

While advocacy cards are not a living, breathing thing, advocating for customers is fast becoming the new way retailers should approach customer relationship-building beyond simple loyalty efforts.

While a loyalty card program rewards consumers for quantity of goods and services bought, advocacy cards could go a step further to inform the qualitative aspect of the retailer-customer bond— rewarding shoppers who buy healthy foods, for example, with points, gift cards or other incentives.

Sounds like a daunting task for a retailer, but it’s one that all retail channels should think about.

Retailer advocacy for customers was discussed during the webinar “Top Food Trends for 2016.” Sponsored by The Food Institute and BMO Harris, the session was comoderated by Phil Lempert, known as the “SupermarketGuru,” and The Food Institute CEO Brian Todd.

In addition to citing consumers’ thirst for additional product information along with coming to grips that the “retail world is in flux,” Lempert said advocacy might be the new loyalty. In that spirit, “focus beyond relationships and think beyond loyalty to advocacy,” he said.

Your consumers are already vigilant when it comes to the food selection process—like vetting a political candidate. They abide by concepts of “free from” and “less is more,” the latter meaning products with five or fewer ingredients and no artificial ingredients. Foods labeled with health attributes saw sales increase 13%, said Lempert, citing the National Grocers Association-SupermarketGuru 2015 survey.

The broad picture: A new way of eating will be defined by new proteins, algae, insects, vegetable, yeast, cricket flour and nut powders. Rewarding your customers for participating in the trend could incentivize those higher-margin items, and earn you goodwill and higher sales in the process.

insightRS_blkblu

 


Convenience Stores Offer More Convenience

February 23, 2016

Convenience Stores Sell Time

Convenience stores offer speed of service to time-starved consumers who want to get in and out of the store quickly. These shoppers recognize this channel of trade for its convenient locations, extended hours of operation, one-stop shopping, grab-and-go foodservice, variety of merchandise and fast transactions.

The average convenience store is 2,744 square feet. New stores are bigger, with 3,590 square feet, with about 2,582 square feet of sales area and about 1,008 square feet of non-sales area — a nod to retailers recognizing the importance of creating destinations within the store that require additional space — whether coffee islands, foodservice areas with seating or financial services kiosks. Convenience stores also have expanded their offerings over the last few years, with stores become part supermarket, restaurant, gas station and even a bank or drugstore. (NACS State of the Industry data)

The convenience store industry is America’s primary source for fuel. Overall, 83.5% of convenience stores (127,588 total) sell motor fuels, a .7% increase (960 stores) over 2013. The growth of convenience stores selling motor fuels is nearly double the overall growth in the industry, as fuels retailers added convenience operations and convenience retailers added fueling operations.

Convenience stores have an unmatched speed of transaction: The average time it takes a customer to walk in, purchase an item and depart is between 3 to 4 minutes. Here’s the breakdown: 35 seconds to walk from the car to the store, 71 seconds to select item(s), 42 seconds to wait in line to pay, 21 seconds to pay and 44 seconds to leave store. (NACS Speed Metrics Research, 2002)

The convenience store industry is a destination for food and refreshments. With falling revenues from fuels and tobacco products, foodservice sales are increasingly becoming convenience stores’ most profitable category. In fact, convenience store foodservice is roughly a $41 billion industry contributing 19.4% to in-store sales in 2014 (NACS State of the Industry Report of 2014 Data).

Convenience stores are everywhere. There are 152,794 convenience stores in the United States — one per every 2,095 people. Other competing channels have far fewer stores, such as supermarkets (41,529 stores), drugstores (41,799 stores), and dollar stores (26,572). (Source: Nielsen, as of December 31, 2014)

Consumers are embracing convenience stores like never before. An average store selling fuel has around 1,100 customers per day, or more than 400,000 per year. Cumulatively, the U.S. convenience store industry alone serves nearly 160 million customers per day, and 58 billion customers every year.

Self-serve at the pump is a part of most convenience stores’ fueling operations. The first self-serve gas station was opened by Hoosier Petroleum Co. in 1930, but was closed by the fire marshal as being a fire hazard. Frank Ulrich reintroduced the idea in 1947 at the corner of Jilson and Atlantic in Los Angeles. Modern self-service began in 1964 with the introduction of remote fueling; an attendant was no longer required to reset the pumps after each transaction. Today it is now available in 48 states. (New Jersey and Oregon still require full-service operations; New Jersey’s law was enacted in 1949; Oregon’s in 1951.)​

http://www.nacsonline.com/Research/FactSheets/scopeofindustry/pages/convenience.aspx

This slideshow requires JavaScript.


Profit Comes from Healthier Options in C-Stores

February 22, 2016

KWIK TRIP RECOGNIZED FOR PROVIDING HEALTHIER OPTIONS

By June 2017, Kwik Trip will offer an expanded stock of healthier options and increase better-for-you choices in the checkout area.
February 22, 2016

​LA CROSSE, Wisc. – The Partnership for a Healthier America (PHA), which works with the private sector and its Honorary Chair First Lady Michelle Obama to make healthier choices easier, is recognizing Kwik Trip as the first convenience store to complete its commitment to expand healthier options across its stores.

“With more consumers expecting to find fresh and healthy items on the go, the convenience store industry is in the midst of a momentous shift, one that Kwik Trip has been leading for several years now,” said PHA CEO Lawrence A. Soler. “Just a few years ago it was unusual to see fresh fruit in many convenience stores, but today, Kwik Trip sells 400 pounds of bananas per store per day. In fact, after making a commitment to PHA, Kwik Trip’s bulk produce sales grew 5.5% in 2015.”

Since first teaming up with PHA in 2014, Kwik Trip has fulfilled its initial commitment to PHA by:

  • Introducing at least four categories of fresh fruits and four categories of fresh vegetables across its stores;
  • Expanding its whole grain rich offerings to at least six products; and
  • Implementing a Healthy Concessions Program in local schools.

In addition, through its EatSmart program, designed to encourage healthier options, Kwik Trip is the first convenience store to offer a PHA-approved combo meal.

“Kwik Trip has made many advancements over the past two years to make healthier choices more convenient and accessible for our guests,” said Erica Flint, registered dietitian for Kwik Trip. “We have enjoyed working with PHA and receiving the positive feedback from guests on the programs we have implemented. We are eager to continue our partnership with PHA and get to work on our expanded commitments.”

Building upon these efforts as a part of its new commitment to PHA, by June 2017 Kwik Trip will offer an expanded stock of healthier options, including healthier packaged foods like nuts and granola bars throughout the store, and will increase healthier options in the checkout area. In addition, Kwik Trip will continue to encourage more consumers to drink water more often through its support of PHA’s Drink Up initiative.

From Sheetz on the East Coast to Kwik Trip in the Midwest to Loop stores in California, convenience stores have taken note of consumer demand for healthier options. Recognized as innovators in the foodservice industry, these stores and others, including U-Gas and Twice Daily, have teamed up with the Partnership for a Healthier America (PHA) to offer healthier options like fresh-cut fruits and vegetables, nonfat and low-fat dairy products and whole grain items; and they’re promoting those healthier products through marketing efforts in the store and at the pump.

And through the NACS reFresh initiative, convenience retailers are discovering new ideas that enhance their operations and communication efforts to showcase the industry’s positive business practices with the public, media and policymakers. Partnerships with groups such as PHA that share similar values are fostering best practices and making a difference.

http://www.nacsonline.com/Media/Daily/Pages/ND0222161.aspx#.VstUyPkrLRY

fruit_selection_155265101_web

backOffice™ Software from Insight Retail Software will handle your c-Store healthier options beautifully! Do Better with InsightRS.

 


It’s Spring!

March 31, 2015

It’s Spring!  That means spring forward, change the batteries on the smoke detectors and BACKUP YOUR DATA.  Backing up your data is like flossing your teeth.  You don’t have to floss them all – just the ones you want to keep.

backup-backup


%d bloggers like this: