Implementing a daily inspection of all point of sale (POS) credit card readers for evidence of tampering may identify a security breach sooner rather than later. Below, CNA has outlined seven key tactics to include as part of the inspection process.
1. Train Employees to be Aware
Teach employees how to spot indications of tampering. Covert installations of card skimmers such as additional hardware near the legitimate card reader or miniature cameras to record pin numbers are things to lookout for.
2. Take Inventory
Take inventory of all devices that collect data at all locations. Make sure to include devices not only at point of sale areas but self-service areas as well.
3. Share the Responsibility
Rotate the responsibility for the inspection to different employees – and assign each employee a unique user account – as often as practical. This will limit the possibility of an insider installing such hardware and avoiding detection. Make sure the employee conducting the inspection acknowledges the condition of each device at time of inspection.
4. Log Results
Require employees to log their entries upon completion of each inspection. Things such as the date and time of inspection, completed & signed inspection checklist, notes on inspection results if tampering or suspicious devices are detected are all important to track.
5. Plan Ahead
Have a process identified in case a device appears to have been tampered with. These devices should be removed and safely stored for investigative purposes and referral to law enforcement.
6. Engage Management
Include management as part of your process to ensure that in case of a breach, employees know who should be notified so that they can notify proper law enforcement so investigation can begin.
7. Limit Internet Connectivity
Do not allow access to websites through your POS network. POS networks can be segmented to limit access to the internet, while still allowing access to only approved Anti-Virus updates and POS security logs. All other internet activity should not be allowed.
Source: CNA Risk Control Bulletin
Want the latest in Insurance News & Tips?
Let us keep you up to date with our email updates including helpful guides, money saving strategies, and industry news.Other News
-
Staying Safe Online Cyber Monday and During the Holiday Shopping Season Cyber Monday this year is expected to be the largest online shopping day in history. Cyber Monday is expected to generate $7.8 billion in sales, a 17% increase from the previous year, according to Adobe Analytics, which tracks online sales. The combination of a […]
Read about the top 5 reasons why your business needs Cyber Insurance Coverage
[metaslider id=4555]
Are you a business owner who has considered adding
Businesses large and small need to invest in Cyber Coverage to protect from costly data breaches.
In an article entitled, “Why Cybersecurity Should be the Biggest Concern of 2017,” published in Forbes in
Learn about the 5 most common types of Cyber Attack and how to protect your business.
Protect your business from the threat of malware and a potentially devastating data breach.
<Protect your business from the increasing threat of ransomware!
McSweeney & Ricci tailors a cyber insurance policy suited to your business’ needs.
McSweeney & Ricci tailors a cyber insurance policy suited to your business’ needs.
Cyber Security and the Most Commonly Stolen Passwords
The U.S. government recently released guidelines for addressing cybersecurity to help businesses protect both digital and physical assets.
Daily inspection of all point of sale (POS) credit card readers for tampering may identify a security breach sooner rather than later.
The holiday season is upon us which means an increase in the number of consumers buying gifts and services from online retailers.
Cyber threats are constantly evolving requiring all of us to do our part and remain vigilant.
The recent cyber attacks by the Syrian Electronic Army (SEA) call attention to businesses’ vulnerability to crippling cyber breaches
More and more employees-especially the young, technologically savvy-are no longer satisfied with company-issued tools to get the job done