Recent news reports and the accompanying CCTV video show how quick and easy it is for thieves to install a skimming device – built into a skin that snaps over your credit card terminal – and steal your customers’ data.
If you watch the video you can see just how quickly the bad guys can move.
This could happen to any merchant that has a card payment device within reach of the public. The video is a reminder that we should all be on guard to make sure this type of theft is not happening in our stores.
Close inspection of your terminal and knowledge of what it’s supposed to look like will usually thwart most of these types of attacks. You should institute some or all of the following procedures to minimize the potential of this type of data breach happening.
• Perform daily visual inspections of your devices to look for evidence of tampering.
• Train your employees to do the same thing and encourage them to report anything unusual.
• Require all visiting repair technicians to sign in and provide appropriate company information. If you aren’t expecting a visit, call your merchant processing vendor to confirm that the technicians are truly employees.
• Utilize a locking stand that prevents the placement of an overlay shell and makes it impossible to attach a recording device.
• Place tamper-evident stickers on terminal casings. Removal or covering of such decals are indicative of possible fraudulent activity.
If you discover a skimming device, immediately contact both your merchant processing vendor and the local police department. Follow their direction regarding the disposition of the terminal.
As always, if you have questions about this or any other merchant processing issue, please don’t hesitate to contact Michigan Floral Association at (517) 575-0110
John Mayleben CPP is Michigan Retailers Association senior vice president, technology and product development, and a national expert on electronic payment processing. He was the first person in Michigan and among the first in the nation to receive the Certified Payments Professional designation from the Electronic Transactions Association.