Attention Business Owners – Beware of Cyber Thieves!

In a recent article by the American Bankers Association, cyber thieves are targeting non-EMV enabled retailers. “Criminals are targeting the remaining merchants that have not upgraded, including gas pumps,” said the Financial Services Information Sharing and Analysis Center, the Retail Cyber Intelligence Sharing Center and the U.S. Secret Service in a joint release. If you have not upgraded your PoS system, here are just a few security features and recommendations to consider when upgrading:

• Use end-to-end encryption. This feature encrypts the card account number and other data before it is temporally stored in the payment terminal.
• Use stronger encryption
• Tokenization of the card account number. Merchants may need to store transaction information for a variety of business purposes. A tokenized account number is a replacement account number that is not valuable to anyone outside the merchant’s own, protected environment.
• Physically attach the handheld credit card processing unit to a secure platform. Criminals have been known to replace existing handheld units with compromised units which capture card and PIN information.
• Criminals have been known to damage or disable the chips on the EMV cards so that they cannot be read and must be swiped instead. Retail staff should be aware of this practice.
• Change login credentials periodically.
• User accounts should be set to automatically disable if unused after 45-90 days.
• Lock accounts after multiple failed login attempts.

   

Visit our Security Matters page for more information fraud monitoring. If you have any questions or need to report suspicious activity, please contact us at 1.888.725.2207.