Recent security news has been abuzz with stories about how easy it is to install credit card skimmers on PIN Pads. This is a particularly challenging area where physical security meets cybersecurity. In a video last week, we saw a man install a skimmer in 3 seconds. Now, imagine a busy store where the employees are focused on ringing out the customers and moving on. Who’s going to notice someone doing something odd for 3 seconds? And, without the context of knowing the individual is doing something bad, would it even look odd if they did see it happening?
PCI DSS requires businesses to physically inspect and inventory the PIN Pad machines on a quarterly basis. Even if you inspect quarterly, the potential for significant data loss exists. Hundreds and even thousands of credit cards can be scanned at one machine in a quarter. That’s a lot of data lost. And a lot of unhappy customers. Last week, James Adamson from Online Business Systems wrote in a blog post that we need to start raising awareness among the employees who are closest to these machines. Teach them to inspect daily and be vigilant for tampering. This is your best shot to identify and stop credit card skimming.
We agree with James’ advice and strongly urge you to take action and educate your staff on the danger that credit card skimming poses to your business. Make sure they know what to look for and how to report a possible breach. Studies have shown over and over that organizations that conduct regular security awareness training suffer few data breaches.