Can you tell if someone has been tampering with the POS payment processing system you have set up at your business? It may not be as obvious as you might think, given the sophistication of some of the technology currently being employed for criminal usage. A recent post on the blog Krebs On Security examined the means by which one specific case of this kind was carried out.
We've discussed skimming as a practice before, but the Krebs piece looks at the small equipment used by two men from Seattle who were recently caught in relation to a scheme involving the theft of card data from pumps at gas stations. A fake keypad overlay along with a tiny bit of hardware is all that's required to obtain the information necessary to make fake credit cards and begin committing fraud.
Krebs links to the document of the official indictment of the case from Oklahoma's district court, filed earlier this month. In it, the criminals, Elvin Alisuretove and Kevin Konstantinov are alleged to have been only part of a larger plan, and would travel out of state to leave their skimming devices on "specifically Murphy's gas pumps located in the parking lots of Wal-Mart retail stores."
"As a result of the defendants scheme to defraud a loss amount of approximately $400,000 was incurred," the statement reads.
Because devices like these can be left in place undisturbed for months, the onus is on the business to make sure point of sale credit card processing equipment hasn't been hijacked. Customers will be safer and more inclined to patronize you place of business if you do so.