How Credit Card Information is Stolen

How Credit Card Information is Stolen

As a merchant you have a responsibility to protect your customers sensitive data, yet every year we hear about massive data breaches and most people with a credit or debit card have received a replacement card due to a breach. While these types of large scale breaches get the most attention, there are other ways to have your card information stolen. In this post we will explain some of the ways that credit card information is stolen, and precautions you can take to avoid it.

Card Skimming

Card skimming is most prevalent on ATM’s and other forms of unattended card readers. This is achieved by placing a small device where you insert or swipe your card that reads the magnetic stripe data to be retrieved later. These can take the form of a false front on the card slot at an ATM or gas station. It can be a small device attached to a card reader. These can also be accompanied by a small camera or pin pad overlay to record the pin number.

The best way to prevent card skimming is to be aware and test devices before you use them. Check that the card reader is securely fastened as most ATMs and gas pump card readers are made to be solid, so if the parts are loose or look out of place, report it to the owner and use a different ATM, gas pump, or avoid using the vending machine, whatever the case may be.

Malicious Software

While most computers have firewalls and security software, hackers are constantly innovating ways to get around them. When  malicious software is installed on the computer or your network they can track keystrokes or intercept data that is then sent to the hacker. This will include logins, passwords, secret answers, etc. To avoid this style of identity theft, ensure that your security software is up to date. Avoid downloading software from unknown sources and ensure that your computer and network are being scanned regularly to detect and remove any possible malicious software.

Dishonest Employees

Sometimes it can be an employee who is perpetrating the fraud. Whether by copying the information using a skimmer, writing down the card info, or taking the data from the office, all of these are potential data breaches. The best way to manage that is to use clear policies regarding who is able to handle card data and that it is restricted to a need to know basis and make sure that you or your managers know how to spot skimmers or potential tampering.
Prevention is your best tool in dealing with fraud because once it happens it can be very costly. If you become aware of an issue, address it right away and contact your merchant services provider for advice on how to minimize any damage caused.

Fraudsters Move Online

Fraudsters Move Online

The migration to EMV has been difficult for many businesses and consumers. On the business side it has ranged from purchasing new equipment, and training employees and customers. On the consumer side, you may have received a new card, had to update all your payment data, had to learn how to use the chip, then been confused when the next store you go to doesn’t accept chip. No to mention the many people who are frustrated with the increased interaction and wait time. With all of this hassle, it begs the question, was it all worth it? For U.S. banks and businesses, the answer is Yes. The amount of card present fraud (meaning a person attempting to make a purchase with a copied or stolen credit card at a retail location) has declined significantly.

 

The problem is that this has caused fraudsters to move online. According to a report by Javelin Strategy and Research the frequency of credit card fraud committed online and through phone orders has increased around 40% from 2015 to 2016. If you’re an eCommerce business, this means you may need to step up your payment security and verification process. This can include Address Verification (AVS), Utilizing Card Verification codes (CVV), as well as using a gateway or shopping cart that includes secure options such as Visa Checkout and Mastercard Masterpass.

 

If you are interested in learning more about how to protect your business whether in store or online contact us by email at info@agapay.gives, or give us a call at 1-800-644-3909.

 

Subscribe to get notifications when new blog updates are posted! 

Samsung/Apple Pay and Liability Shift

Samsung/Apple Pay and Liability Shift

A question we’ve received recently was whether Apple Pay, Samsung Pay, etc. (NFC) were secure, and where the liability fell. To explain this let’s first explore how these payments work. Apple Pay and Samsung Pay are considered mobile wallets. On a capable mobile device, you setup your account information and enter your cards in the secure application, and once setup you just tap your mobile device on a compatible terminal at checkout and the payment is made. Some additional security features include include pin or fingerprint verification (based on device capability) in order to authorize a transaction. The advantage of using these services is that the card and customer data is encrypted by the application and every transaction is tokenized and unique making the transaction data useless to a potential hacker.

Since mobile payment technology is considered more secure they are not affected by the EMV liability shift. If you are not currently accepting NFC payments, call us to find out how to start at 1-800-644-3909.

Best Regards,

The Agapay Team

PCI SSC Releases Small Merchant Guide to Safe Payments

PCI SSC Releases Small Merchant Guide to Safe Payments

With a significant portion of merchants switching to internet and cloud based processing, there is a greater risk of data breach. The Payment Care Industry Security Standards Council (PCI SSC), the same organization that creates the standards for PCI compliance, has released a Small Merchant Guide to Safe Payments. This document covers some of the risks that small businesses face and provides basic guidance on how to mitigate risk and make your organization a less desirable target.

Some of the points they address are:

  • Don’t give hackers easy access to your systems
  • Use anti-virus software
  • Scan for vulnerabilities and fix issues
  • Use secure payment terminals and solutions
  • Protect your business from the Internet
  • For the best protection, make your data useless to criminals

For further reading, the document can be found at:
www.pcisecuritystandards.org

If you have any questions please feel free to contact us at 1-800-644-3909 or by email at info@agapay.gives.

The Agapay Team
www.agapay.gives

EMV creates a drop in Card Present Fraud

EMV creates a drop in Card Present Fraud

New data from the Auriemma Consulting Group (ACG) shows that card present credit card fraud losses have decreased by 18%, the lowest levels since 2013. With major adoption of chip technology by card issuers and merchants, card present fraud has become more difficult and has resulted in a sharp decline in related losses. However, even with accepting chip cards, there is still a risk. We recommend continuing with best practices to secure your customers credit card data.

If you know of any businesses that still aren’t able to accept chip cards, we would be happy to help them upgrade.

Best,

The Agapay Team

The full article can be found at: http://www.econotimes.com/

Credit Card Security Features

Credit Card Security Features

When you take credit cards in person it is a good idea to ensure that your staff are knowledgeable about Credit Card Security Features. Buy knowing and understanding these features, merchants can help reduce the likelihood of card present fraud. A few good tips are to always check for a signature on the back of the card and to ask for ID to verify the signature. For more ways to prevent fraud, below are links to Visa, Discover and American Express that explain how to identify genuine cards and some other great information related to card security. If you have any questions regarding card security or on your merchant account please feel free to contact us.

Credit Card Security Features

Pin It on Pinterest