GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Uncle Sam's finger in the payment pie: A legislative update

Patti Murphy
The Takoma Group


Industry Update

Interchange mandates might help, but not everyone

Holidays a boon for data thieves, too

ETAU now in session

An AmEx Revolution


GS Advisory Board:
The best moves of 2009 - Part I

Research Rundown

Selling Prepaid

Prepaid in brief

Origins of the gift card mall

Walter Paulsen
Payments Industry Consultant


Principles for success in 2010

Biff Matthews
CardWare International

Automate or flounder

Scott Henry


Street SmartsSM:
To train or not to train

Jon Perry and Vanessa Lang

Digging into PCI - Parts 5 and 6:
Maintain a vulnerability management program

Tim Cranny
Panoptic Security Inc.

The annual marketing and communications plan

Peggy Bekavac Olson
Strategic Marketing

PIN entry devices: Plan now for July 2010

Joan Herbig

Creating positive consequences:
Three tips

Jeff Fortney
Clearent LLC

Company Profile

Performance Training Systems Bankcard Boot Camp

New Products

Digitizing Cash


Name recognition for ISOs

CarpéCharge terminal branding


Work that family mojo


10 Years ago in
The Green Sheet


Resource Guide


A Bigger Thing

The Green Sheet Online Edition

December 14, 2009  •  Issue 09:12:01

previous next

Holidays a boon for data thieves, too

For many retailers battered by a difficult economy, this year's holiday season offers not only a little festive mirth but also their best chance to climb out from the doldrums. Yet, the year-end retail surge is liable to be a boon for thieves as well, according to Bob Russo, General Manager of the PCI Security Standards Council. Accordingly, Russo recommends that retailers be particularly vigilant about theft this month.

"Tis the season to be stealing," Russo said.

A number of dangers

One source of heightened peril is simply the leap in overall sales volume during the holidays, which gives thieves more opportunities to strike by the sheer number of people using payment cards.

Russo said purchases around the holiday season also tend to be larger per ticket than they are normally, and the National Retail Federation predicts 28 percent of shoppers will use credit cards this year to buy Christmas presents - meaning a lot of lucrative data will be floating around.

Another potential source of problems is increased reliance among retailers on temporary employees - many of whom are acquired hastily. Russo said that while short hiring windows often necessitate that employers forego thorough background checks, it is nonetheless important that they at least check potential hires' references.

"Who's to say somebody's not going to come in and spend two days raking you over the coals and then leave?" Russo said.

It is prudent to limit such employees' access to financial records and other sensitive information, Russo noted. He also recommended giving every employee a unique password for entering the company computer network; this serves as a deterrent to crime and a way to trace criminal activity in the event that it does happen.

"You've got to put [new employees] through some sort of training, stay on top of them, teach them what to do in case there's criminal activity they're seeing," Russo advised. "'Procedures' is the buzzword here. I hate to say this, but management hovering is a good way to keep track. If they see an authority, they'll certainly be toeing the line, so to speak."

According to Russo, vulnerability to theft is further heightened by the use of extra "satellite" cash registers and payment terminals to cope with the bombardment of shoppers. Extra stations make it hard for managers to properly monitor transactions, and new and unattended terminals are significantly more vulnerable to tampering.

Usually such tampering involves placing a "skimmer" onto a terminal, which lifts the data off any payment card subsequently used on that device. Skimming agents often fit seamlessly onto terminals, making them hard to detect even under normal circumstances. Russo said they are even more likely to go unnoticed when used on new payment terminals unfamiliar to store owners.

Vulnerable cash registers and terminals

Russo recommended taking pictures of payment devices and checking regularly for discrepancies between the pictures and the physical terminals. He also suggested running a hand across the top of all terminals periodically to check for raised surfaces or uncovered screws, both of which can indicate the presence of a skimmer. "You want to make sure that to some degree you have [POS equipment] in a protected area," Russo said. "You can't put cameras up all over the place, but try to follow an ATM kind of a standard: make sure it's not two feet from the door where someone can shove their hand in and run away. And, finally, monitor what's going on on a regular basis."

Monitoring should always involve checking computer logs for potential criminal activity, Russo said. Some programs will alert retailers of potential fraud (for example, employees accessing records they're not supposed to see) via e-mail or text message, but most require that owners be proactive and check software records themselves. Generally speaking, bolstering security over the holidays should entail very little technical work, Russo said. "There's really a laundry list of things you can do," he said. "It's just simple things, nothing out of the ordinary, to protect what's going on this time of year when it's crazy."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios