Skimmers at gas pumps are a continuous threat and the use of skimmers by fraudsters to steal credit card information is on the rise.
To protect your sites and your consumers, consider doing the following on a daily basis:
1. Use security decals on all dispensers and inspect dispensers for tampering
2. Install unique locks on your dispensers
3. Monitor activity at the dispensers, especially those that are hardest to see from inside the store
4. Keep a technician log to verify identity and require sign in/sign out for all technicians that work at your site
One of the most important tasks for site operators is to help make certain that credit card data is safe and secure. Training your personnel on how to defend your site against criminals looking to install skimmers or steal fuel is imperative. Stay sharp, stay informed, and stay ahead of the criminals!
Protect your Credit Card Data
1. Any material containing cardholder information should be kept in a secure, locked area. Don’t forget about batch reports;
2. Only keep material with cardholder information as long as required for your business or legal purposes and always cross-cut shred the material when discarding it;
3. Restrict access areas with sensitive cardholder data to authorized personnel only;
4. Be sure that each employee with access to the Point of Sale, EPS, PIN pads and network equipment has a unique login ID and has received training on security;
5. Do not allow site personnel to bring a laptop or other electronic equipment to your site; and
6. Change all passwords frequently. If an employee is terminated, revoke their access to secure systems and collect any keys or access cards immediately.
Safeguard Payment Card Acceptance Devices
The PCI Data Security Standard requires sites to protect payment card acceptance devices from tampering and substitution. Each site is required to:
1. Maintain a list of equipment with serial numbers;
2. Inspect equipment regularly, especially PIN pads, to prevent substitution and ensure no unauthorized payment processing equipment has been connected;
3. Train all personnel to be aware of and report suspicious behavior, equipment tampering, or device replacement;
4. Keep a technician log—verify identity and require sign in and sign out when technicians work on your payment processing equipment;
5. Ensure that any third party POS applications are Payment Application Data Security Standard approved; and
6. Install anti-virus and security patches on your POS and back office applications.
Remember, PCI is a requirement and the PCI requirements were established to protect you.
Defending the Forecourt
Site employee diligence is your best weapon against skimming and fuel theft. Keep these suggestions in mind:
1. Constantly monitor fuel dispenser activity, especially at dispensers that are the hardest to see from inside the store;
2. Look for a high incidence of bad card reads or problems accepting cards at a specific fueling position/dispenser;
3. Be aware of dispenser off-line messages displayed on the POS. This could mean the dispenser is disabled to install a skimmer or steal fuel;
4. Be suspicious of vehicles parked on the forecourt for extended periods of time or blocking the view of some dispensers;
5. Be alert for anyone posing as a technician that tries to perform unauthorized work on dispensers;
6. Inspect dispensers regularly for evidence of tampering; and
7. Keep an eye out for skimming devices attached to indoor and outdoor payment terminals.
The risk of skimming is real. To put things in perspective, consider the following:
1. 37 million Americans refuel every day.
2. Of those 37 million, 29 million pay for fuel with a credit or debit card.
3. When skimming occurs at a gas station, it usually takes place at only one pump.
4. A single compromised pump can capture data from 30—100 cards per day.
Be vigilant and pay attention. If you suspect suspicious activity, contact your local law enforcement and alert our main office so that we may pass the information onto other dealers.