Individuals seeking to steal credit/ debit card data are increasingly targeting point-of-sale terminals and computer equipment. They will either replace your existing equipment with an identical looking machine or insert micro readers into your equipment that skims or reproduces cardholder data and even PIN numbers which they will in turn use themselves or sell to fraud rings.
Below are some tips to help protect you from such tactics:
TERMINAL OR EQUIPMENT PROTECTION
- Verify and track all service and repair technicians that handle your point-of-sale equipment.
- Make a record of the serial numbers on your equipment and inspect your equipment on a regular basis to confirm the serial numbers haven't changed and ensure there are no signs of tampering.
- Ensure that your point-of-sale zone has security cameras to record all activity.
- Periodically inspect your countertop or point-of-sale area for hidden recording devices.
- Utilize security cables or some type of tether to prevent your equipment from being exchanged.
- Train your staff to be aware of strange behavior from customers (as well as other employees). Breaches are often the result of employee abuse.
PAYMENT GATEWAY OR SOFTWARE PROTECTION
- Ensure your provider maintains the proper SSL certifications and is PCIDSS Level 1 compliant.
- Disable remote access from the Internet.
- Ensure you are using the most current version of the software or gateway.
- Always change the system default passwords.
- Restrict access to as few employees as possible.
- Enable data encryption and login features.
- Implement a hardware-based firewall with advance security features.