We have all heard of the Sony PlayStation Network breach this past April, where over 100 million credit card numbers were exposed by hackers. This was an organized attack by hackers who used the internet and their skills to breach the Sony network.
However, we just learned of an entirely new breach at Michaels Stores Inc., which was discovered in May 2011. This breach was not an online, internet, or wireless compromise of cardholder data, but a well-organized, more personal attack on the great payment processing networks we have in the USA.
The Michaels Stores breach was carried out by criminals who swapped out 90 legitimate Personal Identification Number (PIN) pads for rogue PIN pads, at locations covering 20 states. These criminals were able to gain access to the POS systems, power them down, unplug the legitimate PIN pad, insert the rogue PIN pad, and then power the POS systems back up.
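The swap sequence described above (power down, unplug the pad, plug in another, power up) leaves a trace if the POS records which PIN pad serial number it sees at each power event. The following Python is an added example, not part of the original post or any POS vendor's software; the log format, lane numbers, serial numbers, inventory and store hours are all constructed assumptions.

```python
from datetime import datetime, time

# Constructed sample log; the line format is hypothetical, not a real POS log.
SAMPLE_LOG = """\
2024-01-14T09:02:11 lane=3 event=POWER_UP pinpad_serial=PP-1001
2024-01-14T21:40:05 lane=3 event=POWER_DOWN pinpad_serial=PP-1001
2024-01-15T02:17:48 lane=3 event=POWER_UP pinpad_serial=PP-9XZ7
2024-01-15T09:01:30 lane=4 event=POWER_UP pinpad_serial=PP-1002
2024-01-15T13:05:00 lane=4 event=POWER_DOWN pinpad_serial=PP-1002
2024-01-15T13:06:10 lane=4 event=POWER_UP pinpad_serial=PP-1002
"""
# Constructed asset inventory: lane number -> serial of the pad the merchant installed.
INVENTORY = {"3": "PP-1001", "4": "PP-1002"}

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts' field."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def find_swaps(log_text, inventory, open_at=time(8, 0), close_at=time(22, 0)):
    """Flag power-ups where the PIN pad is not the one expected on that lane."""
    last_down = {}  # lane -> most recent POWER_DOWN record
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        lane = rec["lane"]
        if rec["event"] == "POWER_DOWN":
            last_down[lane] = rec
        elif rec["event"] == "POWER_UP":
            serial, reasons = rec["pinpad_serial"], []
            if inventory.get(lane) != serial:
                reasons.append("serial not in inventory for this lane")
            prev = last_down.pop(lane, None)
            if prev and prev["pinpad_serial"] != serial:
                reasons.append("serial changed across power cycle")
            if reasons:
                after_hours = not (open_at <= rec["ts"].time() < close_at)
                alerts.append({"lane": lane, "serial": serial, "at": rec["ts"],
                               "after_hours": after_hours, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_LOG, INVENTORY):
        print(alert)
```

On the constructed log, only lane 3 is flagged: a different serial appears after an overnight power cycle, outside the assumed store hours, while the ordinary midday restart on lane 4 is not.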
What has me awake at night is how were these criminals able to do this? I change out my merchants' PIN pads all the time, but I am often required to dig through a lot of dust and cables, even black widow spiders, just to get the PIN pad inserted in the POS system. I am guessing that these individuals may have tricked the store managers or assistant managers into thinking the criminals were from a POS vendor or POS support company? Another thought is that the criminals were able to gain access to POS when the stores were closed (maintenance crews perhaps)? Or, it could just be employees looking for a quick payoff from a criminal organization?
Regardless of how these breaches have happened, I want all merchants to be aware and ever vigilant. We owe a duty to our customers (cardholders) to protect the data they trust us with while paying for our products or services. I have found a great link for all merchants to help reduce and prevent credit and debit card skimming. The link is for a 25-page PDF titled "Skimming Prevention: Best Practices for Merchants", from the PCI Security Standards Council website at www.pcisecuritystandards.org/documents/skimming_prevention_IS.pdf.
Please let us know if you have trouble opening the link. Email: info@freepospros.com or visit us at www.freepospros.com and we will email the 25-page PDF booklet to you. Follow our Twitter Blog for more PCI POS Security Tips and advice @FreePOSPros. Please let all your merchant friends know about the Free POS Pros team.
Thank you.
Best regards, Keith J. Ragan