Credit and Debit Card Fraud: What you can do to help prevent it…

1
credit card fraud

Tips and Best Practices to help prevent falling victim to Fraudsters – Bruce Clement, Superior Business Solutions Ltd.

Having worked in this industry for a couple decades now (I started young), it hasn’t been until the past few years that the Sault area has seen a significant increase in fraudulent activities surfacing. The following are a few of our experiences to date with some of the most common methods used by fraudsters. As consumers, merchants and staff, we all can help to prevent fraud and possibility of falling victim to it by educating ourselves and taking advantage of some best practices.

More than likely, everyone reading this article has either been directly affected by a fraudster or knows of someone in their circles who has. With a little extra effort, hopefully we all can help thwart their efforts. It is also important to note that although the experiences I mention below relate to payment terminals and pin pads in restaurants and stores, these methods of fraud are also seen used in ATMs, Gas Pumps and pretty much any device you can stick a credit or debit card into to pay for a purchase.

Swapping

pay at the tablePAT (Pay at Table) devices are wireless credit/debit card payment terminals which operate on wireless technologies like wifi, bluetooth or cellular. They are commonly used in restaurants or by delivery services to make it more convenient for consumers to pay for their meals or purchases. They are also the most common target of fraudsters due to the ease of unattended access.

A good example of how easy it is for fraudsters to take advantage of these payment devices was recently experienced by a local pub. Two males visited the establishment for apps and beverages shortly before closing time. When these individuals asked to pay their bill, the server brought the payment terminal over to the table and then returned to his duties. A few minutes later the server was called back to the table and advised the terminal was not working properly. Not to worry, they had cash and proceeded to pay for their tab.

The next morning, we received a service request to replace the malfunctioning terminal. Upon arrival, I was quickly able to determine the issue. Although the terminal was of the same make and model of the other terminals used by this merchant, it had labels from a Payment Processing company the merchant wasn’t doing business with. More specifically, the merchant was with Moneris and the terminal clearly had Global Payments labels. In addition, the security stickers which normally are affixed over the screw holes on the bottom of the device were damaged from someone using a screwdriver to open up the device.

Swapping out devices is becoming more and more common. Fraudsters will swap out a terminal or pin pad and may or may not return at a later time to swap them back. This practice is done in an attempt to collect credit and/or debit card information from either the merchant’s original equipment or from a modified device that the merchant’s staff hopefully continues to try and use. Once the card information is collected, duplicate credit and debit cards are created to sell on the internet and/or make purchases until the activity is detected.

Even though recent changes to how and what information is stored on a payment device is being implemented across the industry, fraudsters will often modify a stolen payment devices with technology to copy card information. Commonly referred to as Skimmers, I’ll discuss this fraud technique later in this article.

In this particular case, the merchant had to pay a significant amount of money to replace the stolen rented device. Not to mention, these payment devices contain confidential merchant account information and may also temporarily store credit/debit card information from any cards used in it.

PAT devices are not the only devices targeted. I’ve attended numerous calls where pin pads attached to terminals or point of sale systems have fallen victim to the same swapping practice. Another example was a popular chain clothing store. They had a total of four pin pads connected to point of sale terminals (computers). Upon arriving to repair a malfunctioning pin pad, I again noticed that although it was the same model as the other three pin pads present, the labels affixed to it were from a payment processing company the merchant didn’t do business with.

Best Practices to Identify and Avoid falling victim to Swapping

  • Don’t leave PAT devices unattended with customers; they should be treated like cash. After all, you would never walk up and leave a cash tray on a table for customers to pay for their purchase.
  • Get in the habit of periodically examining payment devices. Make sure labels on terminals and pin pads match the company a merchant does business with. Check that security stickers commonly positioned over screw holes to indicate any tampering are in place and undamaged.
  • stand-lanyardMost merchants have a number of the same make/model of terminals and pin pads. If the one you are using looks different from others present, bring your observations to the attention of someone and don’t hesitate to ask to use another terminal or pin pad if available.
  • Secure wired terminals and pin pads to counters with metal security stands and lanyards (usually made from extremely durable aircraft cable). Speaking from experience, these security measures drastically increase the time required to remove or make modifications to devices!

Card Skimmers

card skimmer
Bluetooth enabled skimmer.

Simply put, card skimmers are usually small devices fraudsters use to copy credit/debit card information when they are used in payment devices. They can either be concealed within a device or affixed to the outside of it. Depending on the type used, a fraudster may have to retrieve the device to collect the information it has successfully copied and stored or some even have the ability to wirelessly transmit card information via bluetooth or wifi connection.

As recently reported by the Sault Ste. Marie Police Service, this method has become very popular recently and there has been a considerable amount of this type of fraud activity right here in the Sault Ste. Marie area. In addition to yesterday’s story advising that patrons at the Galaxy Cinema may have fallen victim to fraudsters using skimmers, we’ve been busy attending service calls to a number of other merchants in the area. Usually at high traffic merchants where fraudsters can gather large volumes of card information in a short period of time.

card skimmer card skimmer

 

 

 

Best Practices to Identify and Avoid falling victim to Skimming

  • Don’t leave payment terminals or pin pads unattended with customers; they should be treated like cash. After all, you would never leave a cash tray or open cash drawer unattended.
  • If you notice something affixed to a pin pad or terminal which doesn’t look like it belongs there, don’t hesitate to bring it to someone’s attention and request to use another one if available.
  • If you find it difficult to insert or swipe your card in a pin pad or terminal, also bring it to someone’s attention and request to use another one if available.
  • Get in the habit of periodically examining payment devices. Make sure labels on terminals and pin pads match the company a merchant does business with. Check that security stickers commonly positioned over screw holes to indicate any tampering are in place and undamaged.
  • Most merchants have a number of the same make/model of terminals and pin pads. If the one you are using looks different from others present, bring your observations to the attention of someone and don’t hesitate to ask to use another terminal or pin pad if available.
  • Secure wired terminals and pin pads to counters with metal security stands and lanyards (usually made from extremely durable aircraft cable). Speaking from experience, these security measures drastically increase the time required to remove or make modifications to devices!

modified pinpad modified pinpad

 

 

 

 

 

Although I’ve only touched on a few of the most common methods fraudsters use, there are a multitude of others. In closing, the following are a few more tips based on our experiences in the field as well as some links to other prevention tips and best practices I may have missed:

  • Don’t hesitate to ask a service technician for proper identification; our technicians all have ID’s provided by the companies we represent.
  • Never let anyone claiming to be from a credit/debit card company such as VISA or Mastercard touch any of your point of sale equipment or payment devices. Representatives of credit or debit card companies are NOT authorized to touch merchant equipment and devices. Sales or service representatives of any reputable payment processing companies are required to have proper ID and will usually schedule an appointment prior to visiting a merchant.
  • Never provide sensitive account information over the telephone without first verifying who your are actually speaking with. Offer to call them back at a phone number you are familiar with and can verify belongs to the company you deal with.
  • Don’t hesitate to report any suspicious activities to managers or local authorities!!! Help both yourself and others avoid falling victims of fraud.

Helpful Resources

If you found this article helpful… share it on your social media feeds 😉

1 COMMENT

Comments are closed.