Dial-up swipe machines used at the POS (Point of Sale) are highly practical and allow shop and restaurant owners to accept debit and credit cards, so that a whole new selection of customers can use their services. This is almost a requirement today, when so few individuals carry cash because they expect to be able to pay by card, and everything from ice cream vans to large function rooms now needs to accept cards.
However, dial-up swipe machines do have a connection and also handle the customer's card details, meaning that there is still a risk of data breach. While POS systems that use internet connections are at greater risk, those that rely on dial-up connections are still a risk, and in some ways more so as they’re often overlooked. One statistic suggests that four in five data breaches occur at POS systems, and with this knowledge it should be self-evident how important it is to make sure your dial-up systems comply too. The PCI SSC provides a list of validated payment applications, and you can also check with the vendor of your dial-up system. SecureConnect, a PCI compliance vendor, can also help by identifying cardholder data and by tracking the flow of data to look for inconsistencies or irregularities.
When you place a takeout order, what happens to your credit card number when the employee writes it down? An independent audit of 100 of the top restaurant chains in the U.S. revealed that 80 percent of those chains have at least one unit putting customers’ identities at risk of theft. As part of a study, GoMobo.com evaluated the actions restaurant employees take when accepting takeout orders. Employees offering to write down a credit card number violate PCI regulations.
“The PCI Risk Rating Study found that a number of restaurants are in violation of PCI regulations. The violations involve employees who write down credit card numbers given to them from customers ordering over the phone.” – Sam Oches, QSR Magazine
Credit card skimming is becoming a larger issue as technology-savvy criminals or dishonest employees steal credit card data by using a portable electronic device, by inserting electronic equipment into the POS terminal, or even by something as simple as writing down credit card information with pen and paper. By acquiring this data, criminals can manufacture fake credit cards or use that information to purchase things online.
The Payment Card Industry Security Standards Council (PCI SSC) has created a Skimming Prevention – Best Practices for Merchants Guide to assist and educate merchants regarding security best practices associated with skimming attacks.
The impact of skimming is significant for all the parties involved in payment services. Merchants have an obligation to ensure their payment systems and infrastructure are secure.
The PCI Security Standards Council is always looking at what can be done to enhance payment card security and the latest area of focus has been related to businesses using wireless LANs. There are a number of great reasons to use wireless technology but at the same time, business owners must be sure to properly secure their networks. The following article from ComputerWorld explains this in more detail.
In the past, the council has issued standards that have become required by Visa, MasterCard, banks and others for secure processing of payment and debit cards. Troy Leach, the council’s technical director, emphasized that the recommendations in the “PCI Data Security Standard (DSS) Wireless Guideline” are not mandatory for businesses handling payment cards and using WLANs. But he adds, “This is probably the way wireless should have been deployed all along.”