Several times a week, I drop by Albertsons, my neighborhood grocery store. Sometimes I’m pushing a cart brimming with a week’s worth of food, and other days, I’m grabbing an item or two. But one thing’s for certain: I use my debit card to make the transaction. Like many of us, I take this convenience for granted.
But identity theft can strike anywhere. A few years ago, someone managed to swap out credit card scanners with skimming devices that recorded card information at two different Albertsons stores in California. More than 125 patrons fell victim to identity theft, and over $70,000 was stolen from their bank accounts. Needless to say, the stores and company brand suffered untold losses in terms of reputation and customer trust.
The Payment Card Industry Data Security Standard (PCI DSS) requires any organization that transmits, processes or stores data containing payment card information to protect the privacy of the cardholder. Major PCI threats include point-of-sale (POS) at terminal, phishing, skimming, interception of SQL processes and card data storage breaches.
The Albertsons incident demonstrates security vulnerability at the point of sale. In the past, most terminal issues stemmed from the use of older, non-compliant hardware, and could be remedied either through upgrades or replacements. Today, the bigger threat to stores is the ability of criminals to attach or insert devices that capture payment card data. Retailers can minimize this risk with a few simple steps:
• Inspecting payment card terminals regularly and carefully (tampered terminals can look exactly like the original ones)
• Contracting a trusted third-party specialist to make these inspections
• Procuring POS terminals from trusted, reputable dealers
• Positioning surveillance cameras so they can’t capture PIN entry, but they can record suspicious behavior
To maintain PCI DSS compliance, retailers must use a PCI-approved PIN transaction security device for both PIN pads and credit card terminals. Simply put, if it’s not on this list, it’s time to upgrade.
Keep in mind that POS card reader requirements are just one piece of the PCI compliance puzzle. It’s crucial for retailers large or small to take necessary precautions and practice diligence. For more information, visit the Dell PCI Compliance Resource Center, chock-full of related information.