GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

The POS of tomorrow

News

Sen. Durbin, bankers criticize Fed rule

PCI to train, certify software integrators

Visa discusses DOJ probe, explains FANF, raises 'no signature' limit

Features

Microfinace News

Patti Murphy
InsideMicrofinance.com

Top 10 best practices for fighting credit card theft and fraud

Aaron Bills
3Delta Systems Inc.

Research Rundown

Isis moves closer to launch

ISOMetrics:
The future of POS technology

Selling Prepaid

Prepaid in brief

Banks seek relevance with prepaid

Customer support's centrality to open transit payments

Views

ACH and the POS: Not necessarily made for each other

Patti Murphy
ProScribes Inc.

Payments ripening on the vine

Brandes Elitch
CrossCheck Inc.

Education

Street SmartsSM:
The hard, but valuable lessons of failure

Jeff Fortney
Clearent LLC

Paving the way to fraud deterrence

Nicholas Cucci
Network Merchants Inc.

Five tips for choosing the best POS system

David Robertson
Harbortouch

Company Profile

ExecuTech Lease Group

The Small Business Authority

New Products

A future-proof POS terminal

L5300
Equinox Payments LLC

A secure platform for restaurants

SmartLink for Restaurants
Heartland Payment Systems Inc.

Inspiration

Be grateful for no

Departments

10 Years ago in The Green Sheet

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

May 28, 2012  •  Issue 12:05:02

previous next

Paving the way to fraud deterrence

By Nicholas Cucci

How could anyone forget the multiple Sony Corp. breaches that occurred over a 30-day period in 2011? This year is also gaining its share of notoriety with the recent breach of Global Payments Inc., which reportedly enabled hackers to access 1.5 million card numbers.

While this may seem like an alarming number, it is only a fraction of the 1 billion cards used in North America, according to Forbes.com LLC. Credit card data is a hot commodity because it can be used to create counterfeit cards.

In April 2012, American Express Co. sent a letter to card members about the Global Payments breach but didn't mention the target, even though the news had already been made public. An excerpt from the letter read, "A company that provides payment processing services to numerous merchants in North America has informed us that there has been unauthorized access to a portion of its processing system.

"As a result, account information of some of our card members, including some of your account information, may have been improperly accessed. The processor, or other parties, including merchants where you have used your card, may also contact you about this incident."

Visa Inc. was the first company to remove Global Payments from its list of approved service providers. Global will be certified again, but it will pay Visa more to process transactions.

Breaches on the rise

First Data Corp., the largest payment processor in the United States, recently warned of emergent sophisticated trends in hacking. The company said it is seeing a substantial increase in the number of POS systems that are unprotected or only loosely protected as well.

Prominent sandwich shop franchisor Subway was recently breached, compromising data for more than 100,000 cardholders. According to the Bank Info Security website, the culprits planned the attack for more than a year before carrying it out. Attacks on payment systems are only going to increase over time.

The challenge for both ISOs and merchant level salespeople (MLSs) is educating smaller merchants on Payment Card Industry (PCI) Data Security Standard (DSS) compliance. Merchants need to understand that their systems and technology must comply with current practices to limit their vulnerability.

Neither Visa nor MasterCard Worldwide includes Level 4 merchants on its list of PCI DSS compliant merchants. This is because Level 4 merchants are not required to undergo compliance audits by qualified security assessors; the card brands assume these merchants conduct self-assessments, which apparently is not happening.

Merchants in need of education

What steps can merchants, ISOs and MLSs take to cut back on data breaches and fraud? This question was posed to Roy Derby, a veteran law enforcement official and current Director of Risk Management for America's Bankcard Alliance LLC.

"The credit card processing industry is based on risk, and it's our duty and obligation to mitigate the risk for our merchants," Derby said. "One of the most overlooked and basic ways to help your merchants is prevention through education."

Being proactive is essential to reducing one's risk. One way to achieve this is through training. Most merchant sales trainees receive entry-level instructions on how to use credit card processing equipment and the definition of fraud.

Providing ongoing training is key, along with establishing policies on the steps to take when the inevitable suspicious activity occurs. The small price of keeping staff updated on the latest scams and trends can positively impact profit margin and reflect a store's reputation for zero tolerance.

When Derby explains to merchants the importance of keeping staff informed, he draws from his prior experience as a detective assigned to paper crimes (forgeries, bad checks and unlawful use of credit cards). "I always knew where the most activity was going to occur simply due to certain stores' reputations on the street as being easy," he said. "Don't be that easy target. Be the one the criminal decides to skip and move onto the next store."

Fraud-fighting tips to share

ISOs can assist Level 4 merchants by:

In addition, ISOs and MLSs can share fraud-fighting techniques and trends with merchants by giving them the following advice:

Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at ncucci@nmi.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Electronic Merchant Systems | Board Studios