Here’s a ‘love story’ with a twist: your debit card, which is your one true soulmate, might not have been faithful to you. Sure, you swipe it helter-skelter everywhere – gas stations, ATMs, fast-food, restaurants, hotels – and each time you thought it was safe, that it was only you and your card. Unfortunately, your card has a secret – sometimes it shares itself with others, without your knowledge of course, whether through skimming or some other POS hacking method.
The types of POS hacking are fairly common, and downright scary:
- Machine Theft. A machine that is not configured can be a veritable gold mine of data in the wrong hands.
- ‘Manual’ Skimming. If a thief can get a hold of a card, even for a moment, they can swipe it in a portable device that will read the card’s data.
- Overlaid/Camouflaged Skimming. Creative thieves can make a false reader look like part of the card reader that you want to use at, say, a gas pump or some other unmanned kiosk.
- Internal Skimming. Really skilled thieves can actually get a skimming device inside of a POS system and then intercept information over message lines.
- Hijacking Systems. Some systems, such as ATMs, that have not been properly configured can have their operating systems compromised.
- Data Breaching. Some hackers are perfectly capable of simply breaking in, electronically, to otherwise secure storage devices or systems, even remotely.
What’s worse is that most of the equipment hackers use is readily available on the Internet. When you mix this with some retailers’ relative lack of concern over security, it’s no wonder it is a burgeoning ‘business.’
I’ve written about the value of online POS systems before, and still think there’s nothing wrong with a small business going in that direction. Data thieves, however, are more attracted to small merchants because of the perception that they operate as inexpensively as possible and therefore do not use much in the way of security.
If you’re completely in the dark as to what you can do to protect yourself and your customers, the PCI Security Standards Council – made up of globally accepted payment brands, including MasterCard and American Express – has plenty of information that small businesses can use to help secure their own information as well as their customers’, including these three simple steps:
- Changing Passwords. Most card readers come with a pre-installed password of “1234.” Changing it immediately is never a bad idea.
- Location, Appearance, and Access. Place card readers and POS systems in secure locations.
- E-Commerce Contractors. Find the right people to help set up your card readers/POS system.
From 2005 to 2009 alone, more than 340 million computer records – including POS sales information – were involved in security breaches. Taking the extra step to protect your customers – and yourself, from lawsuits or bad word-of-mouth – can only help your business.