Skip to main content

PIN Pads Face Security Upgrades

12/1/2007

There have been some 150 to 200 PIN-Pad tampering incidents in the last two years, and the trend basically represents organized crime trying to find the weakest link in a system to steal people’s personal identification numbers (PINs) and their money.

As ATMs have become commonplace in almost all retail outlets, the rising sophistication (and in some case, very simple) methods criminals are using to steal PIN information, not to mention entire PIN Pad devices, should be cause for considerable alarm. Particularly as such incidents greatly impact a consumer’s confidence and feeling of safety in shopping in your store.

Such was just a quick summary of new ways in which criminals are preying on ATMs as jackpots of money waiting to be stolen, according to Jeff Wakefield, VP of marketing, integrated systems, VeriFone, speaking in Las Vegas at TOPSS (Technology & Operations Store Summit) in October. TOPSS is produced by Chain Store Age and Retail Technology Quarterly.

The good news, he pointed out, is that a majority of theft is occurring among older pre-PED PIN Pad terminals. Also, there is a proven and organized way in which retailers can protect against such breeches, or, if targeted, detect the breach as quickly as possible.

Among the many practical suggestions Wakefield outlined for protecting customers’ information and the money stored in ATMs, were the following strong recommendations:

Inventory all POS PEDs (PIN entry devices) and expedite the replacement of any PEDs of models known to have been compromised;

Ensure that only authorized personnel service deployed PEDs at all locations;

Accurately manage PED inventories and physically secure PEDs so they cannot be removed, modified or replaced;

Actively monitor PED internal serial numbers and be aware of any suspicious serial-number changes;

Work with merchant banks and/or encryption and support organizations to create a plan that ensures all deployed POS PEDs are Visa-approved; and

Train employees about potential PIN compromises and inspect POS PED inventories regularly.

While the amount of work involved may seem, well, annoying and a burden for retailers already saddled with so many security and growing numbers of other regulations, the task can be managed if implemented and followed in a coordinated and methodical manner. “A layered approach is definitely better than having a single approach to attacking this problem and one that I think everyone should be implementing or looking at doing soon. Visa also has helped with developing these types of safeguarding measures as well,” he noted.

X
This ad will auto-close in 10 seconds