Let's face it, it's becoming more and more frequent to read about credit card data breaches in the news these days.
Unfortunately, the physical security issues present in restaurant and retail establishments are not touched on as frequently as the numerous electronic threats.
Netsurion's CEO Kevin Watson posted a blog in January 2015 listing Five Steps to Protect Retailers from Credit Card Theft. To follow up on the information presented in that article, we want to provide additional knowledge that retailers can utilize in protecting themselves from credit card theft.
We are, and have been, rapidly migrating toward a cashless society. Consumers today expect and deserve to feel safe and secure when presenting credit cards during transactions.
Therefore, a certain social as well as business obligation exists for restaurants, retailers, and other businesses to respect the personal data of consumers. This extends to the employees who represent those businesses, as well.
So without further hesitation, here are Netsurion's Six Simple Rules For Safe Credit Card Handling.
Train employees to understand and deny the use of any unauthorized external device, such as a "skimmer", used to record credit card information. Criminals have been known to be brazen enough to approach employees requesting to install devices in order to record credit card information.
A majority of the time, it is the employee that is caught and prosecuted, not the criminal. It may seem like easy money; however, it can easily mean jail time for the employee involved.
At times, companies may choose to keep credit card data for the sake of convenience. This practice, however efficient it may seem, is not safe.
Cardholder information must be kept in a locked drawer, with very limited access to the data. Once you factor this security in, many businesses realize that collecting data during each individual purchase is a more efficient method while also holding less risk for the business.
If you don't need it, destroy it, and do so properly.
Destroy all physical credit card data when it no longer serves a practical purpose. Netsurion's Credit Card Handling video details several methods to properly dispose of physical credit card data.
Do not send sensitive credit card or banking information via email. Period.
As an aside, ensure that employees are trained to understand that your company will never request individual cardholder data under any circumstances. Any attempts to request such information should be reported to a manager immediately.
Sometimes we are forgetful. If a customer mistakenly leaves their card in your establishment, contact them the same day to inform them your business is in possession of the card and that it will be destroyed if not properly claimed within a specific amount of time.
Netsurion advises no more than a 24-hour window. However, we urge you to check with your management team for your company’s specific policies relating to this practice.
If the consumer does return after the specified time, politely inform them that you properly destroyed their card in order to protect their information and to ensure their security.
If something seems suspicious, report it. If you see credit cards being stored in an unsafe manner, report it to the proper management team so it may be corrected.
Additionally, regularly inspecting the cash wrap area for any evidence of physical hardware tampering is strongly recommended to combat security threats.
Restaurants and retail establishments post the highest turnover rates, with each employee costing employers up to $3,000 or more to train. With such high turnover rates and costs associated with training employees, any and all free training should be a welcome resource in assisting with securing and running a business.
Netsurion offers employers a free Safe Credit Card Handling Video, complete with a confirmation to indicate that the employee has viewed and completed the video in its entirety.
After viewing the video, one should find it to be comprehensive enough for all employees involved, from part-time employees to managers and owners alike. Employees benefit greatly, and could be enticed to study the video. This training may be added to an application as a skillset, increasing an employee's odds of being hired, making a higher wage, and being more desired as an employee trained in safe credit card handling procedures.
Owners can benefit by reducing the ever-increasing credit card data threat to their business.