1 / 16

Skimming Prevention: Overview of Best Practices

Skimming Prevention: Overview of Best Practices. August 5, 2014. Introductions. Ken Keegan - Jamba Juice Kevin Trimble - McDonald’s Corporation Kimberly Bloomston - The Zellman Group Keith Hoover - United States Secret Service. Today’s Discussions. Types of Cyber Threats

vevay
Download Presentation

Skimming Prevention: Overview of Best Practices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Skimming Prevention: Overview of Best Practices August 5, 2014

  2. Introductions • Ken Keegan - Jamba Juice • Kevin Trimble - McDonald’s Corporation • Kimberly Bloomston - The Zellman Group • Keith Hoover - United States Secret Service

  3. Today’s Discussions • Types of Cyber Threats • Point of Sale Intrusion • Cyber Incident Response Plan and Preventative Measures / Solutions

  4. Secret Service Presentation Keith Hoover - Asst. to Special Agent in Charge

  5. QSR Loss Prevention • Impacts as a result of increased claims of unauthorized credit card usage: • Due diligence with Merchant card vendors • PCI compliance • Increased Gift card abuse

  6. Merchant Card Vendors • Notices from US Fraud Control and Investigations on Common Point of Purchase (CPP) notifications • Due diligence required by the organization • PCI, Payment Card and other assessments may need to be completed, documented and forwarded • Possible fines for non-compliance.

  7. PCI Compliance • Additional assessments and analysis may be required by IT if incidents continue • Improved surveillance on servers and POS equipment may be required • Confusion on standards may occur within organization and vendors

  8. Gift Card Abuse • 86% of all online fraud is within 24 hours • Primary Target of Fraudsters (2013) • Online Retail 45% • Food & Beverage 24% • Other 31% • Need to employ appropriate technology to identify stolen cards online

  9. Gift Card Abuse • Increase in fraudulent gift cards in locations • Good customers purchasing BAD cards through other means • Online Market • Mall Kiosks

  10. Solutions • Implement / enforce a strict company policy against skimming / credit card fraud • Raise awareness within your organization • Establish investigative protocols / standards • Monitor fraud trends (Google Alerts, etc.) • Network with peers / LE to understand ORC / skimming / data breach trends SMARTER. TOGETHER.

  11. Inspect • Physical inspections of POS systems incorporated into operation checklists • Management inspects POS systems for tampering • Regulate pin pads, seals, manufacturer labels • Investigate / report exposed or compromised cabling • IT should conduct inventory of all devices in all locations (annually, quarterly or post-incident) SMARTER. TOGETHER.

  12. Communicate • Documented process for approving authorized service technicians (ID, background checks, etc.) • Consider control process for repairing store devices / equipment. (Devices sent back to corporate for repair / replacement) • Educate restaurant employees during new hire orientation / onboarding • Educate employees on what a skimmer does / looks like • Clearly present policy and consequences SMARTER. TOGETHER.

  13. Post Company’s Position

  14. Investigate • Establish investigative protocol • Use a group distribution to enable ease of communication to appropriate delegates • React quickly and discreetly! • Review equipment • Preserve CCTV • Pull schedules • Interview compromised cardholder SMARTER. TOGETHER.

  15. Network • Network with loss prevention / security / law enforcement peers to understand ORC trends • Join appropriate organizations to conduct research quickly (e.g. IAFCI) • Partner with eCommerce Fraud Detection partner to keep the fraudsters out SMARTER. TOGETHER.

  16. Thank You

More Related