Small and medium businesses around the world are increasingly at risk for payment data theft. Nearly half of cyberattacks worldwide in 2015 were against businesses with less than 250 workers, according to cybersecurity firm Symantec. In order to help these companies protect themselves and their customers, the PCI Security Standards Council (PCI SSC) Small Merchant Taskforce has developed a set of payment protection resources for small businesses. In this series, we highlight security basics from the Guide to Safe Payments for protecting against payment data theft.
Skimming is on the rise. How can you protect your business?
Criminals place “skimming” devices on point-of-sale terminals that sweep up your customers’ card data as it enters a payment terminal. It’s vital that you and your staff know how to spot a skimming device. You need to regularly check your payment terminals to make sure they have not been tampered with. Keep a record or log of which terminals were checked, when, who checked them, and whether anything was found.
When it comes to skimming, the rule of thumb is stay vigilant! Here are a few tips to keep in mind:
- Keep a list: Write down all payment terminals and take pictures (front, back, cords and connections) so you know what they are supposed to look like.
- Look for obvious signs: Check for tampering, such as broken seals over access cover plates or screws, odd/different cabling, or new devices or features you don’t recognize. Use the PCI Council’s Skimming Resource Guide.
- Protect terminals: Keep them out of customers’ reach when not in use and obscure their screens from public view. Make sure your payment terminals are secure before you close your shop for the day, including any devices that read your customers’ payment cards or accept their PINs.
- Control repairs: Only allow payment terminal repairs from authorized repair personnel, and only if you are expecting them. Tell your staff too.
- Call for help: Contact your payment terminal vendor/supplier or merchant bank immediately if you suspect anything.