All Top Banking

Retailers Told How to Stop Scams at the Register

Posted by John B. Frank Monday, August 18, 2008

Merchants looking to hold on to their sales have to help protect their customers’ financial information, a fraud expert told a gathering of businesspeople yesterday. Losing that information to data thieves “can be pretty catastrophic, especially for smaller merchants,” said Visa Inc. security expert Lauren Holloway.

Holloway is traveling the country this month and next to review data-security basics with merchants around the country. Her presentations are part of a joint effort by the U.S. Chamber of Commerce and the credit-card giant to help staunch the data breaches that are plaguing businesses and ruining the finances of some Americans.  Electronic payments passed paper checks in usage in 2003 and continue to outstrip the age-old payment method.

“It’s one of those issues that can reach out and hit anyone at any time,” said Laurie White, president of the Greater Providence Chamber of Commerce, which cosponsored yesterday’s presentation with the U.S. Chamber and Visa Inc.  Yesterday’s presentation is a timely one, coming a week after 11 people, including a U.S. Secret Service informant, were charged in connection with the hacking of nine major retailers and the theft and sale of more than 41 million credit- and debit-card numbers. 

The data breach is believed to be the largest hacking and identity theft case ever prosecuted by the Department of Justice, which charged the suspects with conspiracy, computer intrusion, fraud and identity theft. The indictment returned last week by a federal grand jury in Boston alleges that the suspects hacked into the wireless computer networks of retailers including TJX Cos., BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW and set up programs that captured card numbers, passwords and account information.

In the case of TJX Cos., which operates TJ Maxx, Marshalls and other chains, hackers stole data on at least 45.7 million credit- and debit-card customers. A banking group that has filed suit against TJX Cos. alleges that more than 94 million accounts were affected.  Attorney General Patrick C. Lynch noted the breach at Framingham, Mass.-based TJX Cos. Inc., which occurred last year, and two others that affected Rhode Islanders — last year’s Stop & Shop PIN pad case and the ChoicePoint data loss in 2005.  Ross-Simons and CVS Corp. also have dealt with data-security issues in the last three years.

In the Stop & Shop case, four men diverted $132,000 from 1,100 bank accounts, using information stolen from the supermarket chain’s stores in Coventry and Cranston.  The 2005 breach at ChoicePoint Inc. compromised the financial data of as many as 145,000 Americans. In the scam, thieves posing as small-business customers gained access to the company’s database and at least 750 people were defrauded, authorities said at the time. According to the data-warehousing company, 1,122 Massachusetts residents and 203 Rhode Island residents may have been victims. The breach led to a change in Rhode Island law, which now requires businesses to disclose breaches to the public in a timely manner.

Small-business merchants accounted for more than 80 percent of the data-security breaches in 2007, according to an analysis by Visa (V:NYSE), the San Francisco-based company which operates the world’s larges retail electronic-payments network. The incidents are worrying consumers, Lynch and Holloway said. The consumer protection unit in his office handles about 40,000 questions from people annually, Lynch noted. “Never before, until this year, was identity theft in the top 10 — it shot right up,” Lynch.  Holloway agreed. “Consumers are definitely concerned; they’re more cautious about how they use [payment cards],” she said.

One simple way to protect customer data is to make sure checkout registers and electronic-payment pads are collecting only that data needed to process a payment and deleting any customer personal data as soon as it’s no longer needed, which could be instantaneously in most instances. The storage of full magnetic stripe information, security codes and PIN data is prohibited by industry agreement. Also, merchants need to train their salespeople to spot suspicious purchases, whether the transactions are made in person, over the phone or online.

0 comments

Post a Comment

Powered by Blogger.

Blog Archive

Search This Blog

Our Manufacturing Facility

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

Total Pageviews

SLIM for PC or SmartPhone

SLIM for PC or SmartPhone
Click to Inquire

Chip and PIN eCommerce and Mobile

Chip and PIN eCommerce and Mobile
Click to Inquire

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers

Translate This Blog

BobCaps

Search ePayment News (example: NFC)

About Me

My photo
Named one of the best Payment Industry News Blogs 4 Years Running

Feedjit

My Zimbio