Guidelines for mitigating skimming attacks
Terminal physical location
- Place payment terminals in a manner that offers the highest level of security (less consumer and employee access)
- Design payment locations to have an overview of customer access to payment technology and payment location
- Ensure protection and security of the equipment
- Mount the terminal and its cables with secure mechanism
- Enable cameras overlooking payment locations if possible but ensure that PIN cannot be recorded
Staff and service security
- Ensure that trusted and trained employees are responsible for all activities around terminals, beware suspicious behavior and that they protect the access to sensitive data & payments on an ongoing basis
- When PIN is entered ensure there is no method of recording or viewing the PIN by customers / other employees
- Check terminals on each shift (how many terminals are in use each day, security of the device itself e.g. insert paper roll, verify that your logo appears on the screen, ensure payment terminal is connected to the wi-fi and cloud)
- Make it a daily procedure to document and monitor your terminal environment (e.g. Verify the payment terminal isn't physically damaged, check for missing seals or screws, holes in the device, and added wires or labels, and device serial number or other methods of unique identification).
- Train your staff to the importance of terminal and terminal infrastructure security, e.g. not permit any third- person to replace any devices or install any software except for Mews‘ consultants, be aware and report any suspicious activities around the terminal and terminal infrastructure.
- Maintaining a list of devices including information regarding each device, e.g. device serial number or other methods of unique identification, model and location of a device.