ATM Fraud and Security

Size: px
Start display at page:

Download "ATM Fraud and Security"

Transcription

1 WHITE PAPER ATM Fraud and Security Minimizing loss, mitigating risk and maintaining consumer confidence in the ATM channel Since the introduction of the first automated teller machine (ATM) in 1967, perpetrators have been devising ways to try to steal the cash inside. Because ATMs eliminate the need for round-theclock human involvement and tend to be located in places that make them more vulnerable to attack, they are often attractive targets for perpetrators. ATM crime is not limited to the theft of cash in the ATM. Many ATM attacks seek to obtain a consumer s personal information, such as their card number and personal identification number (PIN). While these types of identity theft attacks take more effort to net cash for perpetrators, the result is the same illegally obtaining money. According to estimates by Retail Banking Research, there are more than 2.2 million ATMs deployed worldwide. This is a figure forecasted to exceed 3 million by As the number of ATMs in use increases, so do the frequency and sophistication of security threats, making the development of fraud prevention measures a top priority for financial institutions (FIs) and ATM manufacturers. This white paper details a comprehensive overview of the current threats to the ATM channel and best practices in security and consumer safety issues facing the self-service industry. It describes techniques perpetrators use to commit fraud and introduces security management practices and devices designed to keep ATMs secure. ATM Fraud Around the World ATM fraud is not confined to particular regions of the world. To further complicate matters, perpetrators and victims are often on different continents, and the problems of one region can quickly become the problems of another. Here is a look at geographical trends associated with ATM fraud: Europe Card skimming was the most prevalent crime affecting ATMs in Europe, according to a 2011 survey of 394,296 ATMs in 27 European countries by the European ATM Security Team. Card skimming at ATMs resulted in losses of nearly 111 million Euros across Europe during the first half of According to the same study, 61 percent of European countries reported a decrease in card skimming incidents compared to the first half of 2010, decreasing total fraudulent losses by 28 percent. These drops are likely due to Europe s use of anti-fraud devices, in addition to the implementation of Europay,

2 are rapidly expanding their network size, Asia is fast becoming a target for ATM fraud. The most prevalent type of fraud in Asia is card skimming. Malaysia and Taiwan have already migrated the entire network to skimming-resistant chip cards. Whereas, more countries such as Indonesia and Thailand are accelerating their migration plan. In addition, most of the FIs in the region are adopting fraud deterrence technologies for their ATM fleet. MasterCard and Visa (EMV) technology in 98 percent of Europe s ATMs. ATMs that are EMV compliant have the ability to read embedded chip cards, which provide a two-factor authentication that mitigates the fraudlent redemption of stolen credentials. While the number of skimming attacks is decreasing in Europe, the number of cash trapping crimes are on the rise. In this attack method, fraudsters attempt to gain access to cash by attaching a fraudulent device to the cash-dispensing slot, causing notes to be stuck inside the ATM. The perpetrator then returns later to remove the cash from inside the dispenser. During the first half of 2011, there were 6,756 incidents of cash trapping reported in Europe, up from just 150 incidents during the same time in Cash trapping resulted in reported losses of 495,782 Euros from January to June Latin America Over the course of 2010, Latin America s number of installed ATMs grew by 8.4 percent, making it one of only two global regions where ATM growth accelerated over the previous year, according to a study conducted by Retail Banking Research. Nearly two-thirds of the region s ATMs were deployed in Brazil, where demand has increased and offset the global decline in ATM installment growth. Asia According to a study conducted by Retail Banking Research, the Asia-Pacific market deployed more than 100,000 new ATMs in 2010 which made it one of the fastest-growing ATM markets. China accounted for half of the reported growth in this region and installed roughly 50,000 ATMs in In addition to a 50 percent increase in cash withdrawals, China s significant ATM installation growth was also largely due to a low ATM-to-person ratio. This market is predicted to continue to expand at a rapid pace through 2015, and is expected to surpass the U.S. as the top ATM market. North America North America is currently the largest ATM market in the world. Canada leads the world in perconsumer transaction volumes, while the U.S. has the largest installed base. But, the widespread use of ATMs with over 14 billion cash withdrawals in the U.S. alone makes North America an attractive target for fraudsters around the globe. In the U.S., ATM card-related fraud has continued to rise. A study released in 2011 by the Aite Group estimates that card fraud costs the U.S. card payments industry $8.6 billion annually. These amounts exclude secondary losses, such as negative publicity for the FI and lost consumer confidence. ATM card fraud in the U.S. is expected to increase dramatically in the coming years. A major factor is the transition to EMV compliant embedded chip cards throughout Europe, Asia, Latin America and Canada but not the U.S. Chip-based cards that are much more difficult to counterfeit than magnetic stripe cards, which are relatively cheap and easy to duplicate. As organized criminal groups become discouraged by other countries anti-fraud measures, they are likely to view the U.S. as an increasingly attractive target. A Global Problem Sophisticated criminal networks have enabled farreaching ATM fraud, affecting FIs and consumers on a global scale. With this in mind, FIs and ATM manufacturers must look at ATM fraud from a global perspective, as what is a problem in one country one day can be the problem of another country s the next. Types of ATM Threats ATM threats can be segmented into three types of attacks: card and currency fraud, logical attacks and physical attacks. Card and Currency Fraud Card and currency fraud involves both direct attacks to steal cash from the ATM and indirect attacks to steal a consumer s identity (in the form of consumer card data and PIN theft). The intent of indirect As more and more countries in Europe are migrating towards embedded chip cards and FIs in Asia 2

3 attacks is to fraudulently use the consumer data to create counterfeit cards and obtain money from the consumer s account through fraudulent redemption. Vestibule card skimming in locations where the ATM is located within a vestibule, skimmers are placed on the vestibule door card access reader to capture cardholder data from the magstripe where the card is read so an unwary consumer inserts their card into the vestibule instead of on the ATM. A skimming attack is usually combined with other fraudulent devices such as covert cameras or keypad overlays that capture the consumer s PIN as it is being entered on the keypad during a transaction. Skimming ATM card skimming is the most prevalent and wellknown attack against ATMs. Card skimmers are devices used by perpetrators to capture cardholder data from the magnetic stripe on the back of an ATM card. These sophisticated devices smaller than a deck of cards and resembling a hand-held credit card scanner are often installed inside or over top of an ATM s factory-installed card reader. When the consumer inserts his card into the card reader, the skimmer captures the card information before it passes into the ATMs card reader to initiate the transaction. The transaction continues in a normal fashion. When removed from the ATM, a skimmer allows the download of personal data belonging to everyone who used the ATM. An inexpensive, commercially available skimmer can capture and retain account numbers and PINs for more than 200 ATM cards. Typically, criminals design skimming devices to be undetectable by consumers. The following are three kinds of card skimming attacks that can occur: External card skimming placing a device over the card reader slot (motorized or dip) to capture consumer data from the magnetic stripe on the card during a transaction. This is the most common form of card skimming. Internal card skimming gaining access to the top hat of the ATM to modify the card reader or replace the original card reader with an already modified one for the purpose of obtaining consumer card data during a transaction. Some skimming perpetrators have even installed signs on ATMs instructing cardholders to swipe here first before continuing with transactions. Another fraudulent method is to portray the additional card reader as a card cleaner designed to extend the life and improve the performance of ATM magnetic stripes. Card Trapping/Fishing Card trapping and fishing attempt to steal consumers cards as they are inserted into the card reader during a transaction. The purpose of this type of attack is to steal the card and use it at a later time to make fraudulent withdrawals from the consumers compromised accounts. Card trapping is conducted by placing a device over or inside the card reader slot to capture the consumer s card. These can be devices such as plates over the card reader, thin metallic strips covered in a plastic transparent film, wires, probes and hooks. These devices are designed to prevent the card from being returned to the consumer at the end of a transaction. These attacks are sometimes combined with other fraudulent devices such as cameras or keypad overlays to capture the consumer s PIN as it is being entered on the keypad during a transaction. Currency Trapping/Fishing Currency trapping and fishing is an attempt by perpetrators to capture currency that is dispensed by the ATM during a transaction, whether it be in an envelope or as cash that is being deposited by the consumer during a transaction. Trapping a false dispenser front is placed over the shutter of the dispenser with adhesive or tape on the inside to trap the notes before they are dispensed. Fishing the methods used are similar to those used to fish for cards. Wires, probes and hooks that are difficult for the consumer to see are used to prevent cash from being ATM threats can be segmented into three types of attacks: card and currency fraud, logical attacks and physical attacks. 3

4 dispensed or deposits from being made. When the unwary consumer leaves the ATM, the perpetrator returns and uses the fishing device to retrieve the currency or deposit envelope. Transaction reversal this type of scam uses a variety of methods to create an error condition at the ATM that results in a transaction reversal by the host processor due to the reported inability to dispense cash. An example would be requesting a withdrawal of a certain amount but only carefully removing a portion of the notes presented. When the transaction times out, the remaining notes are retracted, but depending on the bank policies, the entire transaction may be reversed leaving the person with some cash but no corresponding debit to the account. Meanwhile, the cash has been taken through accessibility or force. is necessary. Often masquerading as Microsoft Windows, once installed, malware can operate undetected for months at a time, capturing cardholder data or instructing ATMs to dispense cash. Physical Attacks Physical attacks on an ATM include any type of assault that physically damages the components of the ATM in an attempt to obtain cash. While the entire ATM can be a target for a physical attack, specific components of the ATM are often targeted. The Safe The safe is the primary target for most perpetrators because it contains cash. Most, but not all, physical attacks seek to access the safe. Typically, this involves focusing on the locks, handles and hinges of the safe door, but attacks can be made anywhere on the safe. Logical/data Attacks Often the most difficult attacks to detect, logical attacks target an ATM s software, operating system and communications systems. Logical attacks can be some of the most damaging in terms of the quantity of consumer data compromised. The migration from proprietary operating systems to Microsoft Windows technology has led to greater connectivity and interconnectivity of ATMs. Vast networks including ATMs, branch systems, phone systems and other infrastructure connected via the Internet are targets of logical security threats. Logical attackers include vandals who author viruses intended to exploit an ATM s operating system and hackers who install malware to violate the confidentiality, integrity or authenticity of transaction-related data. Malware and Hacking With any computer system, the purpose of installing malicious software (malware) is to violate the confidentiality, integrity and/or authenticity of data on that computer system. Designed to collect cardholder data and/or dispense cash, malware and hacking can occur both locally or remotely. Local attacks operate by accessing the top hat and downloading the malware using a USB drive or attaching a USB sniffing device to intercept communication between the card reader and the ATM s computer. Remote attacks on an ATM network occur at some point in the communication with the host or at the backend infrastructure. Typically, these sophisticated attacks are carried out by well-funded criminal organizations. Malware threats are of particular concern as they are on the rise and constantly evolving in an attempt to stay ahead of security measures. For malware to be installed, physical and administrative access to the ATM platform s operating system The methods of attacks used to try to gain access to the safe include: Cutting/grinding usually with power saws and grinders Drilling usually with power drills Prying with pry bars, wedges, and crowbars Pulling after the safe door has been cut with a saw or torch, one end of a chain or cable is connected to the door and the other end to a vehicle to pull off the door. Torch or other burning device such as a thermal lance Explosives such as gas, dynamite, homemade bombs, or even gasoline 4

5 The Top Hat Perpetrators will attempt to access the top hat of the ATM because they mistakenly believe it is a way to get to the safe or other cash or because they want to steal components of the ATM such as the hard drive. Fraudsters also try to access the ATM via the top hat to attach an internal skimmer or download malware. The most common types of attacks against the top hat are: Prying open the door or side panels of the top hat Prying open the fascia Damaging the lock to gain access Picking the lock in an effort to leave no evidence behind so that an internal skimmer or downloaded malware will go undetected Cutting/grinding either the top hat door or sides, or the fascia Using a torch or other burning device The Presenter and Depositor Physical attacks on the presenter and depositor attempt to gain access to the ATM s cash source, which include the storage area for deposits and the divert bin. These types of physical attacks target the exterior components of these modules using the same methods used elsewhere on the ATM, including cutting, prying, drilling, torching and smashing. Often, explosives or gas hoses are inserted into the presenter for explosion attacks. The Entire ATM Many physical attacks seek to remove the entire ATM and then transport it to a location where its safe or vault can be laboriously penetrated and its contents removed. ATM removal techniques include: Ramming or ram raid attempting to ram the ATM with a car, truck or heavy machinery to smash it loose from its foundation Pulling placing a chain or rope around an ATM and attaching the other end to a vehicle to pull the ATM from its foundation or location Lifting using a forklift or similar equipment to try to lift the ATM from its foundation While island ATMs are the usual targets of these attacks, stand-alone ATMs in stores or other buildings as well as through-the-wall ATMs have been targeted. Fighting Fraud & Securing the ATM Maintaining the security of an ATM fleet is one of the most technically challenging areas of an FI s operations. To ensure the most effective protection against these types of threats, FIs must implement a comprehensive, multi-layered security program that includes hardware, software and services designed to protect against all breaches today and in the future. Card and Currency Security Preventing Card Skimming There is a variety of methods that may be employed to deter card skimming. To begin with, awareness among consumers, branch personnel and ATM service technicians can result in the detection of devices added to an ATM fascia. Visual clues such as tape residue near or on a card reader may indicate the former presence of a skimming device. In addition, the following anti-skimming solutions can help prevent skimming attacks: Jitter - a process that controls and varies the speed of movement of a card as it is swiped through a card reader, making it difficult if not impossible to read card data Alert systems - these systems monitor routine patterns of withdrawals and notify operators or FIs in the event of suspicious activity Chip-based (EMV) cards - these cards house data on microchips instead of magnetic stripes, making data more difficult to steal and cards more difficult to reproduce Anti-skimming technologies - effective in identifying, jamming or disturbing skimming devices when they are attached to the ATM Foreign object detection - ATMs equipped with this type of technology can alert owners, operators or law enforcement in the event that a skimming device is added on the fascia of an ATM Preventing PIN Capture Video surveillance is the most effective method for deterring or detecting PIN capture. In addition, mirrors can be affixed to the fascia of an ATM, allowing users to easily see behind consumers as they enter data. Maintaining the security of an ATM fleet is one of the most technically challenging areas of an FI s operations. 5

6 Furthermore, PIN pad shields can be used to obscure data entry because they shield the PIN pad from view. The ergonomic design of an ATM can also play an important role in preventing shoulder surfing. Techniques such as positioning the keyboard in the center of the fascia or recessing the display more deeply within the terminal can also make shoulder surfing more difficult. Preventing Fraudulent Equipment Consumer education and ATM monitoring services are the best ways to prevent the application of fraudulent equipment such as skimming devices on or near legitimate ATMs. Consumers should be taught awareness of the look and location of ATM components, such as PIN pads, card readers, monitors and dispensers. ATM monitoring services are designed to notify owners of repetitive timeout messages during PIN entry. Foreign object detection technology can also play a role in identifying fake equipment. Hidden from view, this type of technology actively monitors the ATM s fascia. When abnormalities are detected, ATMs can notify authorities and even shut down until problems are resolved. Preventing PIN Interception Encrypted PIN pad technology is the key to preventing PIN interception. Encrypted PIN pads scramble data before transmission so that no raw PIN numbers are accessible to electronic hackers. Preventing Card Theft Card readers with the capability to detect if an ATM s shutter is closed completely can provide an indication that a fishing device may have been inserted into the card reader. By using remote diagnostics to monitor the ATM, error codes generated by the card reader can be tracked. An increase in the occurrence of error codes related to card readers could be an indication that a fraud attempt is in progress. Preventing Transaction Reversals Many FIs deter this fraud by always debiting the account for the full amount of a transaction, dealing with legitimate short-dispense claims as they arise. Other techniques include monitoring time out on withdrawal error messages. If this message occurs repeatedly and is associated with a specific cardholder, this may be an indication of perpetrator activity. Finally, using a retract bin with separate compartments each dedicated to a single retract operation can allow FIs to associate specific, retracted banknotes with specific transactions. Logical/Data Security Core to protecting sensitive cardholder data are the Payment Card Industry Data Security Standards (PCI DSS). A set of requirements developed by the PCI Security Standards Council for addressing the security of cardholder data that is stored, processed or transmitted, PCI DSS was created to help facilitate the adoption of strong and consistent data security measures to help protect sensitive cardholder data using a point-of-sale device, e-commerce and ATMs. It protects customersensitive data such as security management, policies, procedures, network architecture, software design and other critical protective measures. It is a set of comprehensive requirements for safeguarding cardholders sensitive data. The PCI Council has defined and specified a set of requirements that merchants and service providers who handle such sensitive data have to implement. PCI DSS defines a set of 12 requirements that address six main areas: Build and maintain a secure network Protect cardholder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy Visit: for more information on PCI DSS requirements and compliance. ATM logical security systems should be designed to prevent intrusion, defy hackers and prevent data crime before it begins. To mitigate logical security attacks, ATM security experts recommend a strong firewall featuring multiple layers of security to mitigate logical security attacks. An important first step is to lock down, or harden, the ATM. This means making all electronic points of entry invisible or unavailable to hackers, viruses and worms. This technique is made possible through a combination of a strong firewall and software designed to monitor, analyze and authenticate any external source attempting to connect to an ATM. This solution should be designed to block any unauthorized user or pattern of data. In fact, a good logical security system should be able to analyze and compare patterns of data to those of known attacks and send alerts upon detecting suspicious activity. Patch management is another important component 6

7 of any logical security system. Microsoft occasionally releases security patches security-related updates to its operating system designed to eliminate known problems with its operating system. ATM logical security systems should be designed to identify appropriate patches and to quickly deploy them throughout an ATM network in an effort to protect against viruses, worms and other exploitation. Physical Security Since their invention, ATMs have been designed to resist physical attacks. Yet that has not completely eliminated physical security risks. According to research conducted by the European ATM Security Team, gas explosion attacks in Europe rose 90 percent in the first half of 2011 compared to the same period in Not only do these attacks result in significant cash and equipment loss, but damage to surrounding facilities and harm to bystanders are also potential damages this type of attack can cause. As a result, more sophisticated approaches to physical security, including the use of bank note degradation systems (ink dye system) designed to render currency useless, have gained in popularity as mechanisms for deterring physical attacks. Modern ATM engineering has resulted in improved fascia design, weather and vandal-resistant construction materials, shutters and other devices designed to protect and ensure the integrity of ATM components and cardholder data. Preventing Burglaries There is a variety of mechanical and physical factors than can inhibit attacks to ATM safes. The certification level of a safe, for example, can determine how difficult a safe is to penetrate. A certification level of UL291 Level 1 or CEN-L rated safe is recommended as a minimum for ATMs placed in unsecured, unmonitored locations. Additional Security Measures at the ATM Consumer Safety at the ATM In a 2011 poll conducted by the European ATM Security Team, 20 percent of survey participants claimed to have been a victim of ATM crime. Not surprisingly, consumer safety has become a leading consideration in the manufacture, deployment and management of ATM networks. Manufacturers have deployed mirrors, better lighting, video surveillance and other devices intended to provide a more secure environment surrounding ATMs. FIs are more carefully evaluating ATM locations, more often stressing the importance of consumer awareness and have gone so far as to arrange for security patrols at high crime, high traffic locations. Video Surveillance The primary method used to increase awareness and deter fraud attempts at the ATM is the installation of Closed Circuit Television Cameras mounted in plain view on or near the ATM. This may be because similar technology deployed in branch environments has proven itself invaluable as it constantly deters crime and helps apprehend bank robbers. Nowhere does this sort of digital security offer more benefits than in the surveillance of offpremises ATMs, which present obvious challenges with regard to maintenance and security. Cameras can be easily integrated into the fascia of most ATM machines and improved security can be achieved by installing additional site cameras on and around the premises. The availability of remote video surveillance services makes digital video an even more attractive security option, because many ATMs and their surrounding areas can be directly monitored from a single, central location. Remote Monitoring Remote diagnostic services provide an automated means to monitor and manage ATM networks. Remote monitoring can communicate important messages that may indicate tampering with a machine. Remote diagnostics, monitoring and management provide improved uptime and reduced risk. These services promote dispatch avoidance and enable a group of central support associates to control keyboard and mouse operations of ATMs directly from remote computers. Through ATM monitoring capabilities, status messages from an ATM can be sent to a central location where those messages are acted upon based upon a predefined plan. Central support associates can quickly identify problems and security concerns based upon the messages they receive. For example, the continual notification of a card reader failure or a drastic decline in transactions at an otherwise busy location might be an indication of tampering. Remote diagnostic services also contribute to the safety and security of personnel assigned to work on ATMs, allowing these associates remote access and gives them the ability to manage events from a secure location. Further, the best defense against potential litigation by crime victims is a proven track record of policies aimed at crime prevention. The following are practices to consider for educating consumers, deterring crimes and improving the security of ATM premises. Consumer Education o Make safety and security educational materials available o Provide safety information directly on ATM screens 7

8 o Print safety and security reminders on ATM receipts Crime Prevention o Videotape customers and ATM transactions o Provide video surveillance of parking lots and other areas surrounding ATMs o Document requests to local police to patrol areas surrounding ATM o Increase security measures in areas of frequent crime o Use contracted security guards as patrols or as sentinels o Maintain records relating to security complaints; document action taken as a result of each complaint o Maintain a record of proper security equipment maintenance Premises Protection Conclusion o Locate ATMs in highly visible, well-traveled areas o Employ high-intensity lighting at and around ATMs o Designate parking spaces dedicated to ATM Use Only o Keep trees, shrubs and other greenery well trimmed; remove other obstacles that may obscure the view of ATMs and the areas around them Threats at the self-service channel come in many forms and are constantly increasing in frequency and sophistication. According to a 2011 study conducted by CPP Research, 28 percent of adults more than 13 million people have been a victim of card fraud in the United Kingdom alone. ATM fraud is growing because it produces cash and is fairly low risk relative to other crimes. The necessary equipment for perpetrator activity is inexpensive, readily available and expendable, which makes ATM fraud popular among organized crime organizations. Even so, consumer confidence in ATMs remains high, and industry efforts to combat fraud, increase consumer awareness and promote ATM security seem to be outpacing the growth rate of criminal activity. A multi-layered approach to ATM security combining technologies such as video surveillance and monitoring, remote ATM management and foreign object detection as well as common sense management practices aimed at deterring crime are providing FIs with an edge in the fight against fraud and keeping the self-service industry at least one step ahead of fraudsters. End Notes 1. Global ATM Market and Forecasts to Retail Banking Research. September Brochure Pg European ATM Crime Report. The European ATM Security Team. June Asia-Pacific ATM market booms while USA and much of Western Europe falls. Press Release. Retail Banking Research. October 13, From Mag Stripe to Malware: Card Security Risks in Aite Group Summary of Website Research Poll Results. The European ATM Security Team. October Pg million people in the UK affected by card fraud. CPP. January Contact Information: Diebold, Incorporated P.O. Box 3077 Dept.9-B-16 North Canton, Ohio USA International Diebold, Incorporated, All rights reserved. File number

ATM FRAUD AND COUNTER MEASURES

ATM FRAUD AND COUNTER MEASURES ATM FRAUD AND COUNTER MEASURES GENESIS OF ATMs An automated teller machine was first introduced in 1960 by City Bank of New York on a trial basis. The concept of this machine was for customers to pay utility

More information

PCI and EMV Compliance Checkup

PCI and EMV Compliance Checkup PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations

More information

SECURITY IS EVERYONE S RESPONSIBILITY. Group Security. ATM Card Skimming and PIN Capturing Customer Awareness Guide

SECURITY IS EVERYONE S RESPONSIBILITY. Group Security. ATM Card Skimming and PIN Capturing Customer Awareness Guide SECURITY IS EVERYONE S RESPONSIBILITY Group Security ATM Card Skimming and PIN Capturing Customer Awareness Guide What is ATM Card Skimming and PIN Capturing? ATM Skimming and Personal Identification Number

More information

March 2014. Skimming Prevention Kit. For Business Owners 1

March 2014. Skimming Prevention Kit. For Business Owners 1 Skimming Prevention Kit For Business Owners 1 Contents Introduction:... 3 Debit Card Fraud:... 3 What is Debit Card Skimming?... 3 Who is Affected?... 3 Impact on Consumers... 3 Impact on Financial Institutions...

More information

Why Data Security is Critical to Your Brand

Why Data Security is Critical to Your Brand Why Data Security is Critical to Your Brand Why security is critical to your brand Cybercriminals do not discriminate based on industry or business size. Security is expensive. At least, it is if you wait

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The

More information

Protecting the POS Answers to Your Frequently Asked Questions

Protecting the POS Answers to Your Frequently Asked Questions Protecting the POS Answers to Your Frequently Asked Questions PROTECTING THE POS What is skimming? Skimming is the transfer of electronic data from one magnetic stripe to another for fraudulent purposes.

More information

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process.

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process. My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business

More information

Target Security Breach

Target Security Breach Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected

More information

Policy for Protecting Customer Data

Policy for Protecting Customer Data Policy for Protecting Customer Data Store Name Store Owner/Manager Protecting our customer and employee information is very important to our store image and on-going business. We believe all of our employees

More information

Franchise Data Compromise Trends and Cardholder. December, 2010

Franchise Data Compromise Trends and Cardholder. December, 2010 Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee

More information

EMV and Small Merchants:

EMV and Small Merchants: September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service

More information

TABLE OF CONTENTS. Sabric Card Fraud Booklet 2014. Debit Card Fraud. How Does RSA Compare Internationally? Fraud Types

TABLE OF CONTENTS. Sabric Card Fraud Booklet 2014. Debit Card Fraud. How Does RSA Compare Internationally? Fraud Types TABLE OF CONTENTS Summary Sabric Card Fraud Booklet 2014... 3 Qualification of Information... 4 National Overview of Card Fraud (2006-2014)... 5 Credit Card Fraud... Where Does the Fraudulent Expenditure

More information

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names

More information

Preparing for EMV chip card acceptance

Preparing for EMV chip card acceptance Preparing for EMV chip card acceptance Ben Brown Vice President, Regional Sales Manager, Wells Fargo Merchant Services Lily Page Vice President, Wholesale ereceivables, Wells Fargo Merchant Services June

More information

Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1

Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1 Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1 The most significant trend is decreasing paper payments and increasing electronic payments. Many organizations are also seeing

More information

The Merchant. Skimming is No Laughing Matter. A hand held skimming device. These devices can easily be purchased online.

The Merchant. Skimming is No Laughing Matter. A hand held skimming device. These devices can easily be purchased online. 1 February 2010 Volume 2, Issue 1 The Merchant Serving Florida State University s Payment Card Community Individual Highlights: Skimming Scam 1 Skimming at Work 2 Safe at Home 3 Read your Statement 4 Useful

More information

How to Help Prevent Fraud

How to Help Prevent Fraud TD Canada Trust How to Help Prevent Fraud Merchant Services tips to help protect your business Fraud Awareness All credit cards issued in Canada are designed with special security features to help deter

More information

Video Intelligence Platform

Video Intelligence Platform Security Whitepaper Five Tips to Fight ATM Skimming ATM skimming is a global crime that incurs annual losses of $1 billion. At the basic level, thieves seek to extract cash from bank accounts; however,

More information

Understand the Business Impact of EMV Chip Cards

Understand the Business Impact of EMV Chip Cards Understand the Business Impact of EMV Chip Cards 3 What About Mail/Telephone Order and ecommerce? 3 What Is EMV 3 How Chip Cards Work 3 Contactless Technology 4 Background: Behind the Curve 4 Liability

More information

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009 AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application

More information

EMV in Hotels Observations and Considerations

EMV in Hotels Observations and Considerations EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered

More information

Identity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation

Identity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation Identity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation June 2009 Cairo, Egypt Joanna P. Crane Identity Theft Program Manager Senior Attorney The views

More information

WRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM

WRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, & TRANSPORTATION HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM TESTIMONY

More information

HOW TO PROTECT YOUR BUSINESS AND YOUR CUSTOMERS FROM DATA FRAUD

HOW TO PROTECT YOUR BUSINESS AND YOUR CUSTOMERS FROM DATA FRAUD HOW TO PROTECT YOUR BUSINESS AND YOUR CUSTOMERS FROM DATA FRAUD 2 Protecting Data Is Good Business What s at stake? Risky behavior: Results of an NFIB/Visa USA survey 3 Are You a Target? Gauge your risk

More information

An Oracle White Paper July 2010 U.S. CARD FRAUD

An Oracle White Paper July 2010 U.S. CARD FRAUD An Oracle White Paper July 2010 U.S. CARD FRAUD Contents Card fraud can be placed into six categories:... 3 2 Card fraud costs the U.S. card payments industry an estimated US$8.6 billion per year. Although

More information

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

Langara College PCI Awareness Training

Langara College PCI Awareness Training Langara College PCI Awareness Training Have you heard of PCI? Due to the increase of credit card fraud and identity theft, major credit card companies like Visa, MasterCard and Amex have formed a security

More information

White Paper: Are there Payment Threats Lurking in Your Hospital?

White Paper: Are there Payment Threats Lurking in Your Hospital? White Paper: Are there Payment Threats Lurking in Your Hospital? With all the recent high profile stories about data breaches, payment security is a hot topic in healthcare today. There s been a steep

More information

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY FRAUD ALERT THESE SCAMS CAN COST YOU MONEY Phishing spear phishing vishing smishing debit card skimming fake check scams THE COMMON SENSE PRECAUTIONS INSIDE CAN KEEP YOU SAFE! SCHEMES SCAMS FRAUDS Criminals

More information

American Bankers Association

American Bankers Association Statement for the Record Of the American Bankers Association before the Committee on Small Business United States House of Representatives Statement for the Record American Bankers Association Committee

More information

Merchant Services. How to help protect your business

Merchant Services. How to help protect your business Please immediately report any suspicious activity involving credit card or debit card use to TD Merchant Services at 1-800-6-116 For more information, visit www.tdmerchantservices.com Merchant Services

More information

Need to be PCI DSS compliant and reduce the risk of fraud?

Need to be PCI DSS compliant and reduce the risk of fraud? Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction

More information

Securing the Payments System. The facts about fraud prevention

Securing the Payments System. The facts about fraud prevention Securing the Payments System The facts about fraud prevention Contents Introduction 3 Visa s Security Programme 4 Fraud Types and Threats 6 Fraud Statistics and Research 7 Visa s Security Agenda for New

More information

PIN Pad Security Best Practices v2. PIN Pad Security Best Practices

PIN Pad Security Best Practices v2. PIN Pad Security Best Practices PIN Pad Security Best Practices Introduction The payment industry and card associations adopted PED and PCI PED requirements because of concerns that sophisticated criminal organizations may have the resources

More information

PAYMENT SECURITY. Best Practices

PAYMENT SECURITY. Best Practices PAYMENT SECURITY Best Practices At VeriFone, the protection of cardholder information is a top priority. To ensure merchants have secure payment solutions for their customers, and to help protect merchants

More information

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting

More information

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard Table of Contents For more than 40 years, merchants and consumers have used magnetic stripe credit cards and compatible

More information

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA Australian Payments Clearing Association AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA 214 Australian Payments Clearing Association Limited ABN 12 55 136 519 CONTENTS OVERVIEW 1 SECTION 1 Fraud rates 4 SECTION

More information

Security Guide. for electronic transactions. UniBank is a division of Teachers Mutual Bank Limited

Security Guide. for electronic transactions. UniBank is a division of Teachers Mutual Bank Limited Security Guide for electronic transactions UniBank is a division of Teachers Mutual Bank Limited Teachers Mutual Bank Limited ABN 30 087 650 459 AFSL/Australian Credit Licence 238981 Who We Are UniBank

More information

welcome to liber8:payment

welcome to liber8:payment liber8:payment welcome to liber8:payment Our self-service kiosks free up staff time and improve the overall patron experience. liber8:payment further enhances these benefits by providing the convenience

More information

OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM

OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM tokenex.com OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM A TokenEx Case Study Case Study OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM TABLE OF CONTENTS Understanding Data Security

More information

SellWise User Group. Thursday, February 19, 2015

SellWise User Group. Thursday, February 19, 2015 SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User

More information

Contents Security Centre

Contents Security Centre Contents Security Centre... 1 1. Search Engines... 2 2. Online Applications... 2 3. Virgin Money Credit Card Online Banking Security Measures... 2 3.1 Access Number, PIN and Password... 2 3.2 Keypad...

More information

EMV's Role in reducing Payment Risks: a Multi-Layered Approach

EMV's Role in reducing Payment Risks: a Multi-Layered Approach EMV's Role in reducing Payment Risks: a Multi-Layered Approach April 24, 2013 Agenda EMV Rationale Why is this worth the effort? Guides how we implement it EMV Vulnerability at the POS EMV Impact on CNP

More information

Payments Transformation - EMV comes to the US

Payments Transformation - EMV comes to the US Accenture Payment Services Payments Transformation - EMV comes to the US In 1993 Visa, MasterCard and Europay (EMV) came together and formed EMVCo 1 to tackle the global challenge of combatting fraudulent

More information

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 80% of compromised systems were card present or in-person transactions

More information

Electronic Security. For Financial Institutions

Electronic Security. For Financial Institutions A partner you can bank on Our bank was growing. New branches. New card processing center. We wanted to tie access control, alarm monitoring and video surveillance into one system we could monitor from

More information

ATM Channel Management

ATM Channel Management Hosted by: Presented by: ATM Channel Management Agenda Introduction Marketing at the ATM ATM Availability Management Software Deployment Future of Channel Management Q & A Introduction ATM Channel Management

More information

Merchant Payment Card Processing Guidelines

Merchant Payment Card Processing Guidelines Merchant Payment Card Processing Guidelines The following is intended to provide guidance that departments or units can use to help develop specific procedures for their department or unit. If you have

More information

ATM Card Skimming & PIN capturing

ATM Card Skimming & PIN capturing ATM Card Skimming & PIN capturing Customer Awareness Guide Commonwealth Bank of Australia What is ATM card skimming? A method used by criminals to capture data from the magnetic strip on the back of an

More information

Account Information Security. Merchant Guide

Account Information Security. Merchant Guide Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer

More information

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc. PCI 3.1 Changes Jon Bonham, CISA Coalfire System, Inc. Agenda Introduction of Coalfire What does this have to do with the business office Changes to version 3.1 EMV P2PE Questions and Answers Contact Information

More information

Data Security for the Hospitality

Data Security for the Hospitality M&T Bank and SecurityMetrics Present: Data Security for the Hospitality Industry Featuring Lee Pierce, SecurityMetricsStrategicStrategic Accounts Dave Ellis, SecurityMetrics Forensic Investigator Doug

More information

IDENTITY ALERT: The Fight to Defend Your Identity and Personal Information

IDENTITY ALERT: The Fight to Defend Your Identity and Personal Information IDENTITY ALERT: The Fight to Defend Your Identity and Personal Information A frightening crime with an untraceable weapon, identity theft is creating anxiety across the country. In fact, 2 out of 3 Americans

More information

Chip Card (EMV ) CAL-Card FAQs

Chip Card (EMV ) CAL-Card FAQs U.S. Bank Chip Card (EMV ) CAL-Card FAQs Below are answers to some frequently asked questions about the migration to U.S. Bank chipenabled CAL-Cards. This guide can help ensure that you are prepared for

More information

Commercial Payments Overview. Visa Commercial Partnerships October 2013

Commercial Payments Overview. Visa Commercial Partnerships October 2013 Commercial Payments Overview Visa Commercial Partnerships October 2013 Agenda Commercial Payments VisaNet Commercial Payments Trends Fraud/Risk Mitigation Regulatory update Visa Commercial Payments Overview

More information

Fraud Minimisation Guide ANZ Merchant Business Solutions

Fraud Minimisation Guide ANZ Merchant Business Solutions Fraud Minimisation Guide ANZ Merchant Business Solutions INTRODUCTION Fraud can occur in and is a risk for any business that accepts credit cards and it can have a significant financial impact on your

More information

16 th European Report on Bank Robberies. Executive Summary. EBF ref. 2283. Brussels, November 2008

16 th European Report on Bank Robberies. Executive Summary. EBF ref. 2283. Brussels, November 2008 EBF ref. 2283 Brussels, November 2008 16 th European Report on Bank Robberies Executive Summary The problem of robberies is constant and will remain as long as money exists. Recently, countries have had

More information

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON THE JUDICIARY HEARING ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN EXECUTIVE

More information

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group Abstract: Visa Inc. and MasterCard recently announced plans to accelerate chip migration in the

More information

Payment Cardholder Data Handling Procedures (required to accept any credit card payments)

Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Introduction: The Procedures that follow will allow the University to be in compliance with the Payment Card Industry

More information

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV)

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV) U.S. Bank U.S. Bank Chip Card FAQs for Program Administrators Here are some frequently asked questions Program Administrators have about the replacement of U.S. Bank commercial cards with new chip-enabled

More information

Visa CREDIT Card General Guidelines

Visa CREDIT Card General Guidelines Visa CREDIT Card General Guidelines General Account Information Phone Numbers and Addresses It is very important to keep us up-to-date with your correct address and phone number. Card reissues/replacements

More information

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their

More information

Achieving Compliance with the PCI Data Security Standard

Achieving Compliance with the PCI Data Security Standard Achieving Compliance with the PCI Data Security Standard June 2006 By Alex Woda, MBA, CISA, QDSP, QPASP This article describes the history of the Payment Card Industry (PCI) data security standards (DSS),

More information

EMV EMV TABLE OF CONTENTS

EMV EMV TABLE OF CONTENTS 2 TABLE OF CONTENTS Intro... 2 Are You Ready?... 3 What Is?... 4 Why?... 5 What Does Mean To Your Business?... 6 Checklist... 8 3 U.S. Merchants 60% are expected to convert to -enabled devices by 2015.

More information

EMV ADOPTION AND YOU: WHAT YOU REALLY NEED TO KNOW

EMV ADOPTION AND YOU: WHAT YOU REALLY NEED TO KNOW : WHAT YOU REALLY NEED TO KNOW WHAT IS EMV? EMV specifications are a global set of guidelines developed by Europay, MasterCard and Visa (EMV) in the 1990s to standardize embedded chip card technology.

More information

University of York Policy on the Management of Debit/ Credit Card Data

University of York Policy on the Management of Debit/ Credit Card Data University of York Policy on the Management of Debit/ Credit Card Data Version 1.0 25th February 2015 Index 1 Introduction and Policy Statement 1.1 The Payment Card Industry Data Security Standard (PCI

More information

ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone!

ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone! ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone! Presenters: Cliff Gray Senior Associate of The Strawhecker Group Jon Bonham CISA, Coalfire The opinions of the contributors

More information

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, 2015. One Connection - A World of Opportunities One Connection - A World of Opportunities Security Tiffany Trent-Abram VP, Global Product Management November 6 th, 2015 2015 TNS Inc. All Rights Reserved. Bringing Global Credibility and History TNS Specializes

More information

DATA SECURITY: EVERYTHING YOU NEED TO KNOW

DATA SECURITY: EVERYTHING YOU NEED TO KNOW DATA SECURITY: EVERYTHING YOU NEED TO KNOW! Data Breaches: Where, What and Why! Federal and State Regulations to Protect Data! EMV Chip Technology! PIN or Signature?! Existing and Emerging Security Options!

More information

Credit Card Processing, Point of Sale, ecommerce

Credit Card Processing, Point of Sale, ecommerce Credit Card Processing, Point of Sale, ecommerce Compliance, Self Auditing, and More John Benson Kurt Willey HACKS REGULATIONS Greater Risk for Merchants Topics Compliance Changes Scans Self Audits

More information

Becoming PCI Compliant

Becoming PCI Compliant Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History

More information

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009 Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods

More information

Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA)

Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA) Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA) House Small Business Committee Hearing on the EMV Deadline and What It Means for Small Business

More information

Statement of Stephen W. Orfei General Manager PCI Security Standards Council

Statement of Stephen W. Orfei General Manager PCI Security Standards Council Statement of Stephen W. Orfei General Manager PCI Security Standards Council Before the Committee on Financial Services, United States House of Representatives Protecting Consumers: Financial Data Security

More information

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud Serving millions of people worldwide with electronic payment convenience. Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud Copyright 2011 Euronet Worldwide, Inc. All

More information

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows: What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers

More information

3 1 The use of open networks in the payment card environment

3 1 The use of open networks in the payment card environment 3 TECHNOLOGY WATCH As part of its technology watch, the Observatory conducted two studies in 2006. The first dealt with the impact of the use of open networks in the payment card environment and the second

More information

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008 Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

Fraud and Identity Theft. Megan Stearns, Credit Counselor

Fraud and Identity Theft. Megan Stearns, Credit Counselor Fraud and Identity Theft Megan Stearns, Credit Counselor Agenda Fraud and identity theft statistics Fraud Identity theft Identity theft prevention Protecting your Social Security Number Online prevention

More information

Newtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba

Newtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba thesba.com 855-2thesba EMV Chip Technology, Secure Electronic Payments The world of payments is evolving. We are starting to see an evolution from typical static magnetic strip cards to more intelligent

More information

SECURITY SOLUTIONS BANKING AND FINANCE

SECURITY SOLUTIONS BANKING AND FINANCE SECURITY SOLUTIONS BANKING AND FINANCE Pacom has developed a distinguished reputation as a global leader in the field of remote security management for the banking and financial market. Over 25 years of

More information

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500 INFO 1500 9. Information Assurance and Security, Protecting Information Resources 11. ecommerce and ebusiness Janeela Maraj Tutorial 9 21/11/2014 9. Information Assurance and Security, Protecting Information

More information

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat. Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity

More information

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved

More information

How crime can undermine the convenience of cash

How crime can undermine the convenience of cash How crime can undermine the convenience of cash White Paper next > > How crime can undermine the convenience of cash 3 > Three categories of attack scenarios 5 > Protection against physical attacks 5 >

More information

Be Safe, Smart and Secure: Simple Ways to Protect Your Identity and Your Money

Be Safe, Smart and Secure: Simple Ways to Protect Your Identity and Your Money Be Safe, Smart and Secure: Simple Ways to Protect Your Identity and Your Money Cards protect you and your money Electronic payment cards are one of the safest and most secure ways to purchase goods and

More information

2012 Payment Card Threat Report

2012 Payment Card Threat Report 2012 Payment Card Threat Report The second annual study of unencrypted payment card storage Automated Attacks and Card Data Handling In 2011, data breaches increased 42% and as such, last year was reported

More information

Security Basics: A Whitepaper

Security Basics: A Whitepaper Security Basics: A Whitepaper Todd Feinman, David Goldman, Ricky Wong and Neil Cooper PricewaterhouseCoopers LLP Resource Protection Services Introduction This paper will provide the reader with an overview

More information

NEWS BULLETIN 2015-16

NEWS BULLETIN 2015-16 NEWS BULLETIN Maine Automobile Dealers Association 180 Civic Center Drive P. O. Box 2667 Augusta, Maine 04338-2667 DIAL 623-3882 e-mail:info@maineautodealers.com FAX 623-2318 DISTRIBUTION General Manager

More information

Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.

Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions. Tahoe Tech Group LLC Cyber Security Briefing Truckee Donner Chamber of Commerce March 6, 2015 Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.

More information

Statement of. Carlos Minetti. Discover Financial Services. Before the. Subcommittee on Oversight and Investigations. of the

Statement of. Carlos Minetti. Discover Financial Services. Before the. Subcommittee on Oversight and Investigations. of the Statement of Carlos Minetti Discover Financial Services Before the Subcommittee on Oversight and Investigations of the Committee on Financial Services United States House of Representatives July 21, 2005

More information

FIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL

FIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL FIGHTING FRAUD: IMPROVING INFORMATION SECURITY TESTIMONY OF JOHN J. BRADY VICE PRESIDENT, MERCHANT FRAUD CONTROL MASTERCARD INTERNATIONAL Before the Subcommittee on Financial Institutions and Consumer

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information