
Visa Europe issues anti-skimming guidelines

20 September 2010  |  Source: Visa Europe

Visa Europe, Europe's leading payment system, today issued the latest addition to its security guidance series on system vulnerabilities.

"Device Skimming: Attacks and Defence" is based on industry best practices to help retailers protect payment systems and limit the likelihood that they will be the victim of skimming attacks.

Skimming attacks involve criminal gangs who attempt to modify Point of Sale (PoS) terminals by fitting them with equipment that captures card information and potentially customers' PIN numbers whilst the card is being processed. To assist retailers, Visa Europe has developed a set of best practice guidelines to mitigate the risk of skimming attacks.

Effective management of PoS devices and increased vigilance can significantly reduce the likelihood of skimming attacks being successful. Following this simple set of guidelines will help make the payment system more secure. Visa Europe recommends that all of the guidelines should be followed in order to form a layered approach to system defence. Retailers should:

• Examine payment acceptance devices on a regular basis to identify whether the device has been altered or tampered with. This examination should include the retailer looking for: missing seals or screws, extraneous wiring, holes in the device or additional labels used to mask damage.
• Familiarise themselves with the environment in which payment systems are operating and be aware of any additional or unknown items that appear in the vicinity of the device. Many criminals use the areas surrounding PoS devices to install cameras to record customer PIN entry details. Retailers can use CCTV to deter criminals and help to protect the security of PoS devices. Cameras should be positioned to monitor the location of devices and not record PIN entry at the device.
• Secure their devices to prevent their substitution and protect against tampering. Where possible, cables connecting to terminals should be protected using a conduit or held within a physically secure structure. This should be carried out in accordance with relevant disability legislation for the country in which the device is deployed.
• Implement employment policies to ensure that appropriate background checks are carried out on employees who will be handling the devices. Employees should also be made aware of their responsibilities to protect PoS devices and be vigilant to possible attacks.
• Develop and implement policies and procedures to train staff to validate the identity of all payment system repair technicians or any other entity who tries to either remove or install a PoS device.
• Use PCI Security Standards Council (PCI SSC) approved devices.

Stanley Skoglund, Senior Vice President Payment System Risk at Visa Europe, said, "Skimming attacks are becoming increasingly sophisticated. Fraudsters operate in organised groups around the world and attacks are often difficult to detect. Visa Europe does not tolerate activities that undermine the integrity of the payment system as this has an impact on the trust that consumers have in your business. By taking an active stance, Visa Europe's guidelines highlight pro-active steps that retailers can take to ensure acceptance of card payments takes place in a safe and secure environment and reinforce consumer trust."

Over the past year, Visa Europe has introduced a range of guidelines for retailers, including advice on emerging technologies such as data encryption and tokenisation, and industry-specific whitepapers to help participants in the payment chain better understand their responsibilities related to securing cardholder data, as well as providing simple guidance on how retailers can protect themselves from common attacks.
