Embed Size (px)
Citation preview
POS Fraud Prevention
Securing Your POS. Protect your customers. Protect your reputation.
Overview– Introduction to Halo Metrics
• Loss prevention solutions (Canada & US• The Halo Metrics Experience
– POS Data Breach• Malware attacks vs. Skimming• How Data is taken • Will EMV Chip technology help?• Examples of PIN Pad tampering• Liability Shift• PCI Compliance
– Customised Solutions for POS Equipment– Conclusion & Questions
Since 1988
Since 1988
POS Hardware Security
Convex Mirrors Turnstile Crowd Control
Customers
What is Halo’s Experience Protection?
Is about protecting the honest consumers shopping experience
99% of consumers are honest
Loss Prevention can enhance and protect the total consumer shopping experience
This includes point of sale
Point of Sale
Point of Sale is an important step in the shopping experience
A great experience here involves having quick moving lines, friendly service and quick but secure payment processing
Data Breach is a Major Issue…
Many Retail businesses have been hit by credit card data breaches from Point of Sale systems
How does it happen?
Two primary methods include:1)Malware virus planted in payment servers or equipment2)Tampering with POS equipment or “Skimming” attacks
*image courtesy of symantec.com
Malware on POS Equipment or Servers
POS malware exploits a gap in the security of how card data is handled. While card data is encrypted as it’s sent for payment authorization, it’s not encrypted while the payment is actually being processed, i.e. the moment when you swipe the card at the POS to pay for your goods.
“Skimming” Attacks involve Theft & Tampering of POS Equipment
EXAMPLE:
Two person team about to steal a POS card swipe machine
Theft can happen to any business
One partner looks out while the other starts the theft of the POS equipment
Note the time: 19:52:02
Gone in 60 seconds…
He has removed the device.
Note the time: 19:53:00
Out the door…
Theft is complete
Note the time: 19:53:00
How do they tamper with the POS?Here is an example of a POS terminal with a fake cover:
Modifying POS:Internal components modified to capture credit and debit card data.
Data can be remotely accessed
Data is collected and downloaded
Information provided by:
Data from Magnetic SwipeSee this video and how easy it is to download banking data:
What Kind of Data is Being Taken?
The Data is Sold Online:Data in Track 1 has less value because it can only be used online.
Source: http://www.symantec.com/connect/blogs/demystifying-point-sale-malware-and-attacks
Data in Track 2 is more lucrative as it is used to clone cards used in bricks and mortar businesses
Will EMV (Chip) Technology Help?
Chip + PIN enabled technology does make it more difficult to counterfeit cards
This is not new technology! It has been implemented all over the world and fraud still occurs
Liability Shift in October 2015
The party that is the cause of a chip-on-chip transaction not occurring (i.e., either the issuer or the merchant’s acquirer) will be financially liable for any resulting card-present counterfeit fraud losses.
June 30, 2015 – Protect your POS Device
Current PCI Compliance regulations require that payment devices must be protected from tampering and substitution
Payment Card Industry (PCI) Data Security Standard
Customized Security Solutions for POS
Halo Metrics offers customized security solutions for POS equipment
Pick Your POS Security Platform
Pick your Security Options
We can custom build security options into your security stand
Satisfied POS Security Customers
Thank you
