Joint Media Release

Banks, law enforcement and retailers warn merchants to secure EFTPOS terminals to prevent skimming

13 April, 2010: The Australian Bankers’ Association (ABA), the Australian Crime Commission (ACC) and the Australian Retailers Association (ARA) are advising merchants to secure their EFTPOS terminals, to prevent criminals installing skimming devices to defraud customers.

The organisations are working together and a National Law Enforcement Task Force has been formed, in a collaborative nation-wide effort, to help protect consumers and to encourage merchants to take extra security precautions with their EFTPOS terminals.

The ACC warned merchants that a large and sophisticated international organised crime network was responsible for an increase in credit and debit card skimming activity in Australia and the network is targeting EFTPOS terminals at retail outlets by installing skimming devices to obtain customer card information and Personal Identification Numbers (PINs).

ACC Acting Chief Executive Officer Michael Outram said skimmed information from cards was being used by this global syndicate to create counterfeit cards, which were then used to withdraw cash from ATMs in Australia and overseas.

“While the dollar value can’t be determined at this stage, the ACC, ABA and ARA believe that criminals may try again to target retail outlets and use EFTPOS terminals to commit skimming crimes, so this is why we are warning retailers about this criminal activity,” Mr. Outram said.
 
“NSW, WA, Vic and Qld police have to date arrested 20 people in relation to alleged EFTPOS skimming incidents. This has been the result of a successful law enforcement partnership to address the issue nationally.”

“We are urging all retailers, whether large or small, to be alert to this new threat and take appropriate measures to secure their EFTPOS terminals to help prevent this criminal activity.”

Steven Münchenberg, Chief Executive of the ABA, said: “Bank customers can be assured they are not liable for unauthorised transactions on their accounts if they become victims of proven skimming crimes.”
 
“If we can work together to prevent skimming, criminals will find it much harder to commit crimes which cause great inconvenience to customers, retailers and banks. Fraud protection guidelines have been developed to support retailers to secure their terminals. The guidelines suggest retailers check daily for any evidence the EFTPOS terminal may have been tampered with and to be wary of unauthorised individuals supposedly fixing or even connecting a terminal.”
 
“The ACC has advised banks that in some circumstances the criminals are using cameras to film consumers as they type their PIN into the EFTPOS key-pad. We would advise all consumers to shield their PIN when using an EFTPOS or ATM terminal, by using their free hand to cover the key-pad while entering their PIN.”

Banks and card schemes are also taking steps to increase the security of cards and terminals.

Banks which issue MasterCard and Visa cards have started to embed micro chips within their cards. These store information in a secure form making it harder for criminals to create counterfeit cards. This strategy is in line with a national initiative to upgrade merchants’ terminals to accept chip cards. These newer terminals comply with the latest data security standards.

Deputy Executive Director of the ARA, Jennifer Cromarty, said: “It’s important to think of an EFTPOS terminal like a cash register and protect it accordingly. Vigilance against terminal theft and tampering is necessary.”

The Fraud Protection Guidelines for merchants have been developed by the members of the Australian Payments Clearing Association (APCA) which includes banks, building societies, credit unions and large merchants.

Fraud Protection Guidelines for Merchants

EFTPOS Terminals

Merchants in Australia have been warned to be on alert after recent fraud activities targeting EFTPOS terminals. The purpose of these guidelines is to provide you with a list of issues to be aware of and handy tips to help prevent fraud at the EFTPOS terminals on your premises.

Fraud activity at EFTPOS terminals

EFTPOS terminals should be treated as securely as cash registers. Why? An EFTPOS terminal that has been fraudulently tampered with can lead to significant losses. Criminals tamper with EFTPOS terminals so that they can gather card account information; the information they capture is used to produce counterfeit cards to obtain cash at a later time. Criminals can also get PINs from the tampered EFTPOS terminal or through other means, such as a hidden camera.

Important:

  • Criminals steal EFTPOS terminals, tamper with them, and then either return them to the same premises or place them elsewhere;
  • Criminals tamper with EFTPOS terminals while they are still on the premises.

 
Vigilance against such activities is essential.

High Risk Issues
 

Merchants should be particularly vigilant where:

  • There is one staff member working on the premises alone
  • The business is in an isolated or remote location
  • The business is left unattended or closed for a period during the day
  • Particular EFTPOS terminals are not attended or supervised from time to time
  • Wireless EFTPOS terminals are in use (as it can be harder to keep track of where these terminals are at all times).

Suggestions for protecting your EFTPOS terminals

  • Keep a list of all EFTPOS terminals on your premises, detailing:
    o the make, model and serial number;
    o where each EFTPOS terminal is kept on your premises;
    o any stickers on the EFTPOS terminal and where they are placed; and
    o the type of cables connected to the EFTPOS terminal.
  • Daily, check the serial number underneath the EFTPOS terminal against the serial number you have recorded on your list and/or that is displayed electronically on the EFTPOS terminal (if applicable). These MUST match.
  • Daily, check for any evidence of tampering:
    o Do all the details recorded on your list still match your EFTPOS terminals?
    o Have any stickers been removed or replaced?
    o Does any part of the cabling look different?
    o Are any additional or unknown items of electronic equipment connected to the EFTPOS terminal?
  • Daily, check that the merchant name on the receipts being issued by the EFTPOS terminal is the correct one.
  • Lock the EFTPOS terminal in its position with, for example, a cable lock. Remove and secure the EFTPOS terminal when it is not in use (if practical).
  • Regularly conduct an inventory check on your EFTPOS terminals. Report missing or stolen terminals to your provider.
  • Always verify the credentials of service staff or “official” visitors to your premises. Do not allow unannounced service visits or inspections.
  • If an EFTPOS terminal is being connected (e.g. a new terminal or after overnight securing) make sure this is done by authorised personnel, preferably by two staff members.
  • Only buy terminals that have been approved by the Australian Payments Clearing Association and are listed on its website (www.apca.com.au). Always buy from a legitimate distributor or vendor and be wary of refurbished terminals.
  • Dispose of old EFTPOS terminals securely – return old terminals to your acquirer or to the original terminal vendor.

Suggestions for protecting EFTPOS terminal connections

  • Ensure that the point at which your EFTPOS terminal connects to the network is not easily accessible to the general public. This will make it more difficult for criminals to simply “plug in” and activate a replacement EFTPOS terminal.
  • Have a warning notification or an alarm alert activate when an EFTPOS terminal is removed or replaced in the network.
  • Include in your procedures that when an EFTPOS terminal is connected or reconnected, authorisation must be given before it can “go live”.

Suggestions for protecting against staff risk

Criminals may attempt to trick, bribe or threaten your staff into ‘looking the other way’. What can you do?

  • Do not allow staff access to CCTV equipment.
  • Do background checks of new staff.
  • Allow only senior staff to replace terminals and perform the checks detailed above OR preferably have two staff members undertake these activities together.
  • Randomly check that your staff members are complying with these guidelines.

 
Protecting against risk of PIN capture

Criminals may attempt to obtain details of PINs from customers, for example by using concealed pinhole cameras. What can you do?

  • Check false ceilings above where the EFTPOS terminal is kept.
  • Check boxes (e.g. boxes with leaflets or charity boxes) near the EFTPOS terminal.
  • Be aware of anything different in the area around the EFTPOS terminal – it may be hiding a small camera.
  • Make sure your surveillance camera adequately covers the area where an EFTPOS terminal is kept but is not able to record the PIN as it is entered by a customer.

Report and disconnect suspicious terminals

If you suspect that an EFTPOS terminal has been tampered with, or you notice anything suspicious:

  • disconnect the terminal immediately and contact your EFTPOS services provider; and
  • keep the EFTPOS terminal in a secure place so that any evidence (e.g. fingerprints) will be preserved.

Staff education

  • Ensure staff members are aware of, and trained in, the need to follow these guidelines.
  • Consider introducing rewards for staff members that detect any fraudulent activity on your premises.


These guidelines can be found on the APCA website: www.apca.com.au

Notes for editors

Information on the three organisations:

Australian Crime Commission: The ACC is Australia's national criminal intelligence agency. It works in partnership with other law enforcement agencies to develop a national understanding of serious and organised crime to provide target information for action by partner agencies and to predict future criminal trends. Its purpose is to unite the fight against nationally significant crime.

Australian Bankers’ Association: The ABA works with its members to provide analysis, advice and advocacy and contributes to the development of public policy on banking and other financial services. The ABA works to ensure the banking system can continue to deliver the benefits of competition to Australian banking customers. With the active participation of the member banks, the ABA works to foster an environment in which financial services are valued and can prosper. In communicating the industry’s views, the ABA works with Commonwealth and State and Territory Governments, the regulators, other industry associations, the community, community groups and the media.

Australian Retailers Association: The ARA is the peak industry body in Australia’s $292 billion retail sector which employs over 1.5 million people. As an incorporated employer body registered under the Fair Work (Registered Organisations) Act 2009 and with a range of member services including business consulting, policy development, advocacy and education, the ARA promotes and protects over 5000 independent and national retailers throughout Australia.

For Further Information:

Australian Crime Commission
Communications and Media Unit
T: 02 6243 6843
M: 0409 603 637

Australian Bankers’ Assoc
Heather Wellard – PR
T: 02 8298 0411
M: 0409 830 439

Australian Retailers Assoc
Kath Christie – Policy and Media
M: 0422 293 544

     