Merchant Account Types

Merchant Account Providers

News & Advice

Merchant Account Tools

Merchant Account Guide > Merchant Account News > 6 tips for securing your payment system


Print this article: 6 tips for securing your payment system Print 
Email this article: 6 tips for securing your payment system Email 

6 tips for securing your payment system

Technology has been a boon to merchant payment systems: they're faster, more efficient, more comprehensive and easier to run than ever.

pin-number

They also have their flaws, as Michaels Stores found out recently when the arts-and-crafts retail giant discovered that criminals had broken into 90 payment terminals in 80 stores across 20 states and used the stolen information to steal funds from customers' debit accounts.

As executives at Michaels and retail merchants across the U.S. have discovered, high-technology fraudsters have kept up with the times and have learned how to break into even the most advanced credit and debit card payment systems.

According to a 2010 LexisNexis study, U.S. merchants suffered more than $139 billion that year in fraud losses. LexisNexis also says that for every $100 in fraudulent transactions, merchants absorb a "true" cost of $310 in actual losses, including financial losses linked to lost or stolen merchandise.

The study doesn't point to card payment systems as the primary access target by financial fraudsters, but payment systems are a common point of entry for scammers and thieves. Law enforcement officials say thieves are growing increasingly more sophisticated, especially when it comes to point-of-sale (POS) terminals and consumer personal identification numbers (PINs).

"Fraud continues to be a $100 billion problem for retail merchants," said Jim Rice, director of market planning for retail and e-commerce markets at LexisNexis Risk Solutions, in a statement. "While the total cost of fraud has gone down since last year, retailers still lose more than three dollars for every one dollar lost due to a fraudulent transaction, and online or mobile fraud is a growing threat."

Experts say that as fraudsters' sophistication grows, it's become increasingly important for merchants to monitor their terminals for possible tampering and take steps to avoid new forms of fraud. "Fraudsters have become very sophisticated at taking payment terminals apart and figuring out ways to capture payment card data and PINs," said data security expert Jose Diaz in an interview with ISO & Agent Weekly. "It may be impossible to completely prevent fraud, but there is a lot merchants can do in their basic store setups and routines to prevent it." 

So how do you begin protecting your card payment systems? First, add as many protective layers to your system as possible, thus making that payment system as safe as possible. Here are 6 key steps that you should start with:

1. Ask what's in your payment system.
 Merchants who want to build a granite wall against card criminals should start by knowing what data is in their systems, and how it's used (because that's where criminals start). Contact your card payment systems provider and ask what data is in your system, where it's located, who has access to it and when and how users can access that data.

2. Be careful how you use customer card information.
 To protect your customers' data, use their personal credit card data only for payments. Don't give criminals another target for credit card fraud by using that data for non-payment purposes, such as for daily settlements or authentication.

3. Limit who has access to your payment system.
 Keep a strict lid on who gains access to your system, and make sure all employees who need access to card data are each accurately coded for system access -- making entries easier to track in case of fraud or theft. Conduct regular checks on the procedures you've implemented to keep customer data safe. Remember, almost half of all payment system breaches are triggered by employees.

4. Include background checks for new hires.
 In the merchant hiring market, always trust -- but verify. Conducting background checks on employees can weed out felons and other sketchy potential hires.

5. Watch for suspicious transactions.
 This is especially true of foreign transactions. Sure, you don't want to stereotype, but you have to watch out for large bulk orders -- especially for high-priced items -- from places like Eastern Europe and Asia. Law enforcement officials say the former Soviet Bloc and certain Pacific Rim bourses are hotbeds for credit card theft, so check and double-check large orders from the area.

To verify addresses and phone numbers, use an online identity check site like 411.com to confirm any orders you deem to be suspicious. 

6. Regularly check for signs of criminal misuse. 
Set up a system in which you regularly check your payment terminal for signs of tampering. Depending on your budget, you may also want to consider hiring a security expert to come in once a month to check if the system has been broken into.You can get a check-up for around $100.

As Michaels knows only too well, payment system security isn't a luxury; it's a necessity. Treat it that way and your customers' chances of becoming card theft vistims can be significantly reduced.

See related: 5 ways to reassure your customers about payment security; Point-of-sale devices are an easy fraud target, say experts

Published: June 7,2023

Comments or Questions, Library of Stories

Three most recent Data security stories: