Skimming Survival Guide

Bluetooth, Cellular Skimmer

Skimming devices are used by criminals to obtain credit card numbers and cardholder information without the customer’s knowledge.  While skimming can occur at any point of sale (POS), it is most common at Automated Fuel Dispensers (AFDs). With the EMV liability shift at the forecourt just 18 months away, the window of opportunity for thieves to get this data is closing.

What is skimming?

PCI Compliance for Heartland Merchants

As a reminder, the Payment Card Industry Data Security Standards (PCI DSS) apply to all entities that store, process, or transmit cardholder data.  As a Heartland merchant, you have automatically been enrolled in Heartland’s new Merchant Protection Program with ControlScan.  This program, with the support of ControlScan’s services, will provide the resources to baseline security standards and maintain compliance validation to the PCI DSS, as required by the card brands.

What happens next with the PCI Data Security Standard (PCI DSS)?

The following key updates and milestones are being provided to help you with your PCI DSS and payment security efforts:

PCI DSS 3.2—The Effective Date has Come and Gone

February 1, 2018 marked the date that all new requirements introduced in PCI DSS v3.2 must be adopted by organizations and included in their PCI DSS assessments.

For all organizations:

New PCI Guidance on Simplifying Network Segmentation

The PCI Security Standards Council has released new guidance that is designed to help organizations simplify network segmentation, a practice the council strongly recommends to help protect payment card data.
"This guidance we've had in some shape or form for many years, but [the new release] makes it easier to understand," Troy Leach, CTO of the PCI Council, says in an in-depth interview with Information Security Media Group.

PCI Data Security Standard 3.2

The Payment Card Industry Security Standards Council (PCI SSC) has published a new version of the industry standard that businesses use to safeguard payment data before, during, and after purchase.  PCI Data Security Standard (PCI DSS) 3.2 replaces 3.1 to address growing threats to customer payment information. Companies that accept, process or receive payments should adopt it as soon as possible to prevent, detect and respond to cyberattacks that can lead to breaches. 

What is the Difference Between EMV and PCI Compliance?

Due to the timing of the upcoming liability shift to EMV on October 1, 2015, and the new PCI requirements that went into effect on July 1, 2015, you may be wondering what the difference is between the two.   
Both EMV and PCI Compliance are guidelines for protecting cardholder data for the purpose of reducing fraud, but focus on different elements of the credit card transaction. 

PCI: 5 New Security Requirements

The five best practices noted in version 3.0 of the PCI Data Security Standard will become requirements after June 30, 2015.  Most likely to be affected will be smaller merchants.  New requirements relate to point-of-sale vulnerabilities that have been linked to activities at small and mid-sized businesses.  
The best practices, which were included when PCI-DSS version 3.0 was released in November 2013, are as follows: