Apacs, the UK payments association, has today (5 September 2007) published a retailer advice guide - Transactions with your chip and PIN terminal - to remind card-accepting businesses of some of the necessary security measures to help keep their chip and PIN equipment safe and secure.
The first chip and PIN transaction in the UK took place in Northampton in May 2003. Today, just four years on, more than 900,000 shop tills (98 per cent of all shop tills in the UK) have upgraded to chip and PIN with over 185 chip and PIN transactions taking place every second. This new way to pay has been a positive step forward for card security in the UK and, as a result, card fraud losses on the high street have fallen 67 per cent since 2004.
However, organised criminal gangs continue to target businesses to try and copy magnetic stripe details from customers' cards. The fraudsters then use these details to create fake cards that can be used overseas, in countries that do not have chip and PIN. Therefore, there is an ongoing responsibility on retailers to keep their equipment, their staff and their customers safe from fraud.
APACS' retailer advice guide is available to download from www.apacs.org.uk and www.cardwatch.org.uk, and provides useful facts, statistics and tips on what steps businesses can take to help keep card data safe and secure. Advice within the guide includes:
- Chip and PIN terminals should always be placed in a location that allows the customer to use them in a way that prevents other customers from seeing the PIN;
- Retailers should devise an inventory to record the serial numbers of their terminals and the location where they are installed; and
- Staff should be made aware of all the potential ways that criminals target card data and encouraged to report any issues or concerns they may have.
More detailed information for retailers regarding keeping card data safe and secure can be found in the Payment Card Industry Data Security Standard - a common set of industry requirements to help ensure the safe handling of sensitive information. This standard provides a framework for retailers to develop robust security processes - including how to prevent, detect and react to security incidents involving card data. Retailers can get more information about this standard by speaking to their bank.
Sandra Quinn, director of communications at APACS, says: "Raising retailer awareness about the importance of the physical security of chip and PIN equipment and standard staff recruitment and vetting procedures can play an important role in tackling fraud.
"Simple measures such as training staff to be aware of potential fraud threats and common fraud techniques will significantly reduce the chances of businesses falling victim to fraud or indeed being targeted by fraudsters.
"The UK is leading the way in identifying and developing technology to address card-related fraud and we are fully committed to tackling card fraud in all its guises."
To support this retailer awareness guide, APACS recently (16 August) launched a consumer advice guide to remind cardholders of the need to keep their PIN safe and secure at all times. The guide - Protect your PIN - outlines useful facts, statistics and tips, plus advice on how to remember PINs and protect cards whenever they are used.