Now that the holidays are over, you’re probably feeling the pain of your increased credit card use. You’re not alone: this fall, credit card purchases rose by 0.6 percent in both September and October. But there’s another trend: credit card-fueled identity theft and fraud. Payment cards have become a primary target of criminals because, as robber Willie Sutton once said of why he robbed banks, that’s where the money is.
Those with information technology degrees may understand how to protect computer systems from attacks, but attacks on credit cards often include an element of targeting the reader devices that consumers and store clerks use. Corporations that accept card payments, and that’s many of them, need to look at industry security standards and have plans not just to reduce fraud, but to deal with the aftermath if it happens.
For example, as consumers increase their charging activity, criminals ramp up credit card skimming. That’s an activity in which the crooks use devices to trap card and PIN numbers. A group of fraudsters hit the Lucky Supermarket chain in Northern California. Hundreds of customers were recently affected and some lost money out of their accounts. Security issues can also appear in more mundane ways.
A 17-year-old worker at a McDonald’s in Olympia, Washington was arrested for allegedly skimming card data with a hand-held skimming device. He was supposedly spotted on surveillance cameras, using the credit card information to purchase $15,000 worth of electronics. That’s nothing compared to what four Romanians allegedly did.
The U.S. Department of Justice charged the men with a multimillion-dollar fraud that involved hundreds of merchants and some 80,000 consumers between 2008 and 2011. Although the DOJ hasn’t released the details, the group somehow remotely hacked into point-of-sale and checkout systems. In other words, they ran a skimming scheme using the merchants’ own equipment.
IT departments should realize that credit card theft is an extension of computer security
As the case of the Romanians shows, credit card security is thoroughly connected to the broader issue of computer security. And yet, as the Lucky Supermarket and McDonald’s episodes illustrate, it also has implications for physical security, business processes, and management practices.
The issue of credit card security is more than the potential for terrible PR. There can also be substantial fines that run anywhere from $5,000 to $100,000 for non-compliance with Payment Card Industry (PCI) security standards. Although they are not a government body, the card companies levy fines on banks for non-compliance, and the banks pass them on to the merchants. A good first step is to become familiar with the PCI Data Security Standards. There is also a PCI DSS self-assessment questionnaire. Making sure your company is compliant can save major embarrassment, hassle, and expense.