These days no one is immune from identity theft. With the increased sophistication of cybercriminals and the escalating number of breaches happening every day, you and your patrons can become a victim of fraud at any time. Here’s how to keep your business and your patrons protected from identity theft:
- Install point-to-point encrypted (P2PE) card readers: Make sure you invest in card readers that encrypt credit card data from the moment they’re captured through their transmission to the payment processor.
- Perform regular security audits: Conduct regular security audits to identify vulnerabilities and ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS) and other industry standards.
- Ensure your network infrastructure is secure: Maintain a secure network infrastructure by implementing firewalls, intrusion detection/prevention systems, and strong access controls. Make sure to regularly update your system software to detect new and emerging threats.
- Use contactless payment methods: Consider offering contactless payment methods such as mobile payment apps to decrease the chance of data being skimmed from the magnetic strip or EMV chip on patrons’ credit cards.
- Restrict access to your payment terminals and systems: Ensure your payment terminals and data storage systems are physically secure by restricting access to authorized personnel only and using surveillance and control systems to monitor access to these systems.
- Limit data retention: Retain patrons’ credit card data for the shortest possible amount of time and have procedures and policies in place to securely dispose of this data.
- Train your staff on the importance of personal information protection: Train your staff on the best practices for handling patron’s personal information (PI), identifying potential threats to their data, and taking steps to mitigate these threats.
- Be aware of card-skimming devices: Be on the lookout for gas pump card skimmers. These devices are purposely designed to look like part of your point-of-sale hardware. Make sure your pumps are inspected daily, are free of these devices, and your staff has been trained to recognize when one is attached to a pump’s card reader.
- Customer awareness: Just as you post warnings about the risks of leaving car engines running and the dangers of smoking and cell phone usage while pumping gas, consider posting signage about the risks of patrons sharing membership cards and using their credit cards at the pump. You may also consider discount pricing for patrons who pay with cash.
- Be mindful of visual tip-offs that a card reader has been attached to one or more of your pumps, including the following clues:
- The card reader appears to have been tampered with: Skimmers are designed to fit over existing card readers, so any irregularities or overlays that don’t match the rest of the pump are a red flag.
- Check for additional attachments: Card skimmers may have pinhole cameras or keypad overlays to capture PIN numbers. Be on the lookout for anything that appears suspicious to you.
- Jiggle the card reader: Legitimate card readers are most often securely attached to the pump and won’t move around. If you notice any movement, this could be an indication a skimmer has been installed.
- Trust your instincts: If something seems suspicious about the overall appearance of a pump, err on the side of caution and investigate it further.
Be a trusted services provider to your patrons. Implementing these measures will significantly enhance the security of your patrons’ personal information and protect your brand value.