Credit card fraud is a common issue for both small and large businesses. Using a card machine security system is the first step in protecting your business from credit card fraud.
Keeping up to date with software and hardware is another important way to stay protected. Older point-of-sale (POS) terminals are more likely to be compromised and may use weaker encryption than newer systems. Newer POS terminals typically come equipped with EMV (Europay, MasterCard, and Visa) chip readers, which are more secure than magnetic stripe swipers: the chip produces a one-time cryptogram for each transaction, so data copied from a card cannot simply be replayed the way stripe data can.
Skimming is the most common method of credit card fraud: a criminal steals your customers’ card data from your POS terminal by installing a device (a “skimmer”) that records the card number and security code stored on the magnetic stripe as the card is swiped. The skimmer can be either external (attached to the outside of your POS terminal) or internal (mounted inside). Inspect your terminals regularly (PCI DSS requires periodic inspection of card-reading devices) and keep a list of each device’s make, model, serial number and location so that a swapped or tampered unit is noticed quickly.
The PCI Data Security Standard (PCI DSS) is maintained by the PCI Security Standards Council, which was founded by the card brands (Visa, MasterCard and others), and it applies to every merchant that stores, processes or transmits cardholder data. Meeting every requirement is a heavy lift for a small merchant, so the first question to ask is whether you need to store card data at all; if you do not, let your processor tokenize it and keep the data out of your systems. If you must store it, PCI DSS still forbids keeping sensitive authentication data (full magnetic stripe or chip data, the card security code, PINs) after authorization, and requires stored card numbers to be rendered unreadable (truncation, strong encryption, or a keyed hash) so that what you hold is of little use to a thief.
You must keep up with the requirements of the PCI DSS and the PCI PTS (PIN Transaction Security) standard to ensure your business is protected from credit card fraud. The PCI DSS outlines minimum standards that you must meet, while the PCI PTS focuses on the physical and logical security of devices used to process credit cards and PIN debit transactions.
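To make the storage rules concrete, here is an added Python example (it is not from the original article) that takes an authorized transaction record, discards the fields PCI DSS classes as sensitive authentication data, and keeps only a truncated card number plus a keyed hash for linking records. The field names, the sample transaction and the HMAC key are all constructed for the illustration; in a real deployment the key would live in an HSM or key-management service, and most small merchants are better served by having their processor tokenize the PAN instead.

```python
"""Keep only what PCI DSS allows you to store after authorization.

Added illustration, not the article's own code. It assumes a flat dict
transaction record; the field names below are made up for the example.
Two rules from PCI DSS Requirement 3 are applied: sensitive authentication
data (full track data, CVV2/CVC2, PIN or PIN block) is never stored after
authorization, and the stored PAN is rendered unreadable (truncated to the
first six / last four digits, plus a keyed hash usable as a lookup token).
"""
import hashlib
import hmac

# Fields PCI DSS calls "sensitive authentication data": never kept after authorization
SENSITIVE_AUTH_FIELDS = ("track1", "track2", "cvv2", "pin", "pin_block")


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    if not pan.isdigit() or len(pan) < 13 or len(pan) > 19:
        return False
    total = 0
    # Walk right-to-left; double every second digit, starting with the second from the right
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Truncate the PAN to first six and last four digits, the form PCI DSS permits to keep."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of the PAN so records can be linked without storing it.

    A plain unkeyed hash would be brute-forceable: the PAN space is small and the
    BIN and last four are usually known, so only a keyed hash is acceptable.
    """
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def sanitize_for_storage(txn: dict, key: bytes) -> dict:
    """Return a copy of an authorized transaction that is safe to keep.

    Drops the sensitive authentication fields and the clear PAN, and adds the
    truncated PAN and the keyed token in their place.
    """
    pan = txn["pan"]
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check")
    stored = {k: v for k, v in txn.items() if k not in SENSITIVE_AUTH_FIELDS and k != "pan"}
    stored["pan_masked"] = mask_pan(pan)
    stored["pan_token"] = pan_token(pan, key)
    return stored


# Constructed sample: the well-known test PAN 4111 1111 1111 1111 with fake track/CVV/PIN data
SAMPLE_TXN = {
    "pan": "4111111111111111",
    "expiry": "1229",
    "cvv2": "123",
    "track2": "4111111111111111=12291011234567890",
    "pin_block": "0412AC89ABCDEF67",
    "amount_cents": 1999,
    "auth_code": "A1B2C3",
}
# Example-only key; a real key belongs in an HSM or key-management service
TOKEN_KEY = b"example-only-hmac-key-keep-in-an-hsm"

if __name__ == "__main__":
    print(sanitize_for_storage(SAMPLE_TXN, TOKEN_KEY))
```

Running the block prints a record that still carries the amount, expiry and authorization code but no track data, no CVV2, no PIN block and no full card number. The expiry date is ordinary cardholder data and may be stored; it is the combination with the clear PAN and the security code that you must avoid.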
A key element of PCI PTS is the requirement that all POS terminals that process PIN debit be equipped with PIN pads that encrypt the PIN using Triple DES (TDES, also written 3DES) rather than single DES. If you have an older POS terminal that does not meet this requirement, it will need to be replaced with a PTS-approved one; the PCI Security Standards Council publishes a list of approved devices you can check a model against before buying.
All employees who have access to credit card data at your company should be properly trained in security policies and procedures, including how to spot a fraudulent transaction. Employees should also be aware of the risks of clicking on suspicious links and should use only reputable payment software.
Also make sure your employees know never to leave a card machine unattended. A criminal could use the time while you are away to tamper with the device or even swap it for one of their own.
Depending on your transaction volume and how you process cards, you may be required to complete a self-assessment questionnaire (SAQ), have quarterly external vulnerability scans run by an Approved Scanning Vendor (ASV), and undergo penetration testing as part of your compliance program. Scans and tests are performed by a qualified vendor, and some acquirers route merchants through a vendor portal such as Coalfire’s for registration and reporting.
You must have a backup system in place to process cash, checks, and debit cards in case your primary card-processing terminal is down. In addition, make sure your terminal supports contactless (NFC) payments so that you can accept mobile wallets such as Apple Pay, Android Pay (now Google Pay) and Samsung Pay; these pass a tokenized card credential to the terminal, so the real card number is never exposed at the point of sale.