The PCI Security Standards Council (PCI SSC) has released a new resource to educate merchants regarding security best practices that defend against credit card skimming attacks. Reportedly, skimming is the unauthorized capture and transfer of payment data to another source for fraudulent purposes through payment cards or the payment infrastructure.
Spearheaded by the Council’s PIN Entry Device (PED) Working Group, with input from law enforcement and industry experts closest to credit card skimming threats, the suggested guidelines help merchants to: evaluate the risks relating to skimming; understand the vulnerabilities inherent in the use of point-of-sale terminals and terminal infrastructure; assess challenges associated with staff who have access to consumer payment devices; prevent or deter criminal attacks against point-of-sale terminals and terminal infrastructure; and identify any compromised terminals as soon as possible and notify the appropriate agencies to respond and minimize the impact of a successful attack.
Troy Leach, technical director, PCI SSC, said: “In today’s heightened threat environment, skimming remains a popular method of data compromise. Merchants can protect their business and their customers by educating themselves on risk, and taking active steps to protect their terminal infrastructure from fraud. By following the guidelines outlined in this document, merchants can improve security levels in their terminal environment and defend against this type of attack.”
PCI SSC is a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS).