Credit card data and personally identifiable information (PII) are stolen, aka scraped, in almost every attack in order to gain a reward, which is usually in the form of money or credit and/or is eventually converted into revenue or bartered online via illicit data trading. Cybercriminals commonly steal this credit card data through techniques such as payment card skimmers, especially targeting businesses without modern chip and PIN technology and/or reducing chip and PIN to antiquated magnetic strips.
How antiquated is magnetic strip encoding? Did you know that the magnetic storage technology dates back to World War II? Consider also that most places in Europe do not allow a service person, e.g. in a restaurant, to walk away and run a client’s credit card. The machine is brought to the client. Solutions such as this should be brought into consideration given the new normal post-COVID-19.
If you have fully adopted chip and PIN technology, great! However, your readers are computers. Those systems must be constantly updated. We have seen many breaches occur based on modern malware scraping credit card data while the data is in memory and/or being processed. A less technical method is shoulder surfing. Your customers' credit and debit card PINs are private. Keep them that way. Do your machines shield against prying eyes and hidden cameras that a malicious employee can install? Where cybercriminals cannot break in via cyber, they either recruit employees at your business, via the web, or they actually apply for positions at your business.
[Image: Example of a credit card machine using a magnetic strip without an eye or hidden camera prying shield.]
[Image: Credit card machine with eye or camera prying shield.]
Data breaches, point-of-sale attacks, the creation of sophisticated new forms of malware and the introduction of “cybercrime-as-a-service” are now key issues affecting the security of credit card data. To better understand this growing concern, here are a few key highlights:
To help keep customer data safe, even in cases where criminals manage to compromise systems, retailers should keep PII, financial data and POS information separate from all other data stored internally. Choosing a reliable payments partner with leading-edge technology may help mitigate the threat to credit card issuers and cardmembers. Finally, as a precaution, businesses that use credit card point of sale (POS) machines to process data should frequently search for devices on their POS terminals and swiping equipment.
Ultimately, to better protect a business and be in line with recent regulatory laws such as the General Data Protection Regulation (GDPR), CCPA, etc., organizations should collect the least possible amount of PII on customers, have a clear purpose for each data element, and make sure to always keep data encrypted and safeguarded, both in transit and at rest.
Here are some ways to safeguard yourself:
Please reach out to our cybersecurity experts to ensure your organization’s data is protected.