Over the last year there has been a noticeable increase in credit card fraud that has affected many New Mexico financial institutions as well as their customers. Criminals are targeting small businesses that use point of sale (POS) terminals to accept customer purchases, such as restaurants and retail merchants.
The fraud works like this. Outdated POS software is attacked by hackers, who compromise the POS terminal and intercept debit and credit card numbers. These numbers are then offered for sale through underground channels on the Internet, which are purchased by criminals. The criminals then manufacture counterfeit debit cards using the valid card numbers, and spend against these cards until the fraud is discovered and the account is closed.
One local retailer had its point of sale terminals compromised, resulting in over $600,000 in reported fraud and hundreds of victims.
Although these crimes are being actively investigated, it is always better to prevent them from happening in the first place. The losses from this crime can be minimized in several ways.
Steps for Business Owners:
- Ensure that your Business is PCI Compliant (www.pcisecuritystandards.org). Review the PCI Self-Assessment Questionnaire which shows if your business is currently meeting PCI standards. Some of the important PCI principles to consider include:
- Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use default or simplistic system passwords.
- Encrypt transmission of cardholder data across open, public networks.
- Use up-to-date anti-virus software and set it up for automatic updates.
- Regularly Monitor and Test Networks
- Maintain a policy that addresses Information Security.
- Build and Maintain a Secure Network
- Ensure that the person(s) who handle your Information Technology (IT) have completed the work that was requested in a timely manner.
- Make sure that your POS software is currently running the most up-to-date version.
- Carefully review your business network incoming traffic and outgoing traffic to ensure no customer data is being infiltrated.
In some circumstances, small businesses that are targeted by the computer intrusions could be held liable for any losses involving stolen credit card data and could also be legally responsible for assisting the victims to ensure their compromised information is not used for other criminal activities.
When small businesses do not take the necessary steps to protect their networks, they can lose business and money, but so do the financial institutions that fund the credit cards, and ultimately the general public who carry the burden through higher fees, lower interest rates, and fewer benefits from their financial institutions.
By working together, we can make New Mexico a safer place for conducting business and at the same time protect the identity of our citizens.
July 2010
The New Mexico Restaurant Association’s mission is to empower the food and beverage industry by promoting and protecting common values and interests. It has more than 1,000 members in 111 cities all over New Mexico, who join together for meetings, seminars and the hospitality industry awards to honor the industry’s top achievers. It has actively represented and promoted the food service industry in New Mexico since 1946.
