The Case for Routine Hardware Security Audits and Inspections

By Vladik Rikhter

credit-card-pos.png

Part of modern day security is a company’s ability to combat scams that aim to take advantage of customers. It’s in the best interest of any company because a brand’s success is often built on basic trust. When customers shop at a store or eat at a restaurant, they expect a secure transaction.

For some companies, changing technology has made it more difficult to keep up with scammers. The problems for a company’s image are two-fold:

  1. Scams display weaknesses in security systems.
  2. Reports of customers being scammed spread rapidly around the Internet.

It’s now more important than ever to make sure that your business is up to date with technology auditing, and keep customers informed of breaches in security.

How Skimming Works

Most of the scams that occur inside retail locations require inside knowledge of the company’s mechanics. The thieves open the card processing terminals at a checkout lane and install a skimming device that sits underneath the keypad. The apparatus then steals account data when customers swipe their cards at the register.

Sometimes, thieves place a hidden camera in order to record personal identification numbers. The camera may be hidden in the ATM, or even just to the side inside a plastic case holding other items. Other skimmers install a fake PIN pad over the actual keyboard to capture the PIN directly, so a camera is not needed.

Regardless, employees and managers should be trained on how to detect ATM tampering. It comes down to knowing what to look for when inspecting machines. PC Magazine offers more specifics here.

If a breach is confirmed, companies must be fully transparent in notifying customers. Here’s a case-in-point:

Safeway Loses Safety Points

In some parts of Colorado and California, the grocery chain Safeway recently had issues with scammers who “skim” for PIN and credit card numbers.

The company released a statement concerning the fraud:

"Like all responsible business owners, our store teams routinely inspect all point-of-sale devices and discovered the three skimmers during these inspections. When our store teams find evidence of criminal activity like this, we have been able to pinpoint with surveillance video when the devices were installed and how many transactions were processed.”

To Safeway’s credit, the breach was detected during a routine audit. However, the company chose not to notify customers immediately, deferring the problem to banks. A spokesperson said Safeway’s internal security team did not want to alarm customers and possibly compromise the investigation. However, that decision backfired with some customers.

“Oh boy does this tick me off!” wrote Larry Taylor of Lakewood, Co. “I've been shopping at the Safeway at Garrison and Colfax for about 15 years. I'm stunned that they found skimmers and didn't bother to let any of us know. Looks like it’s Soopers from now on!”

Many customers saw a company trying to protect themselves—not their security.

The Takeaway

  • Companies should make sure their ATM security is up to date and audited on a regular basis to detect fraud.
  • Tampering is detectable and employees should be trained to detect when an ATM has been tampered with.
  • Regular, routine auditing means less risk for your brand in the long run.
  • Be sure to have a plan for how your company would react in a security breach, keeping in mind that full transparency with your customers is a priority.   
  New Call-to-action

Subscribe to Zenput's Blog