HSBC Merchant Services – Point of Sale security best practices

Whilst the Payment Card Industry takes great care to ensure that the security of Point of Sale (POS) PIN Entry Device (PED) products meets the highest standards, it is not sufficient to rely solely on this security to protect cardholders' details from being compromised at the merchant location. Merchants can and must provide additional vigilance to enhance the security provided by the terminal itself.

Skimming is the transfer of electronic data from a customer's card to another source for fraudulent purposes. Criminals will try to insert electronic equipment into the terminal, PED or the communication path in order to capture this information and allow them to create false cards to perform fraudulent transactions.

The skimming equipment can be very small and difficult to identify. Often it is hidden within the terminal so that neither the merchant nor the cardholder knows that the terminal has been compromised. In addition, criminals may on occasion insert a very small digital camera to record the PIN being entered by the cardholder.

Card fraud affects all parties within the payment chain. It is important that the cardholder feels comfortable using payment cards at your premises. Cardholders often learn very quickly where a merchant has been compromised and avoid using that location again.

Point of Sale security checklist

  • Record the make, model and serial number of each POS terminal, and how many terminals you have at your merchant location.
  • Record the location of each terminal in the store (unless the terminals are removed and secured when the store is closed).
  • Check and record if each terminal has any security labels.
  • Check the state and location of the label. Look carefully to see if these labels appear to have been removed or replaced.
  • For PIN pads and POS PED devices connected to an electronic cash register, or separate host system, note how each terminal is connected to the device.
  • Note how many connections (leads, plugs, aerials, etc.) are connected to the terminal.
  • Note the area around the PED to see what display items are placed near the PED (these could be used to house cameras).
  • Look at the ceiling above the PED (especially if this is a false ceiling). Is the tile clean? Does it look as though it has been disturbed?
  • Check the area underneath the sales desk to see if there is any new electronic equipment that has suddenly appeared without reason.
  • If your outlet uses wireless POS terminals, check at the end of each shift to ensure all terminals are present.
  • Depending on how your outlet transmits data to another location, check the connection system (telephone port, network connector) for signs of tampering or additional unknown equipment being added.
  • Challenge and check anyone entering your outlet claiming to represent:
       The terminal manufacturer
       Maintenance company
       HSBC
       Network or telecommunications company
       MasterCard or Visa
       The Police
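
The records the checklist asks for are only useful if each later inspection is compared against them. The following is an added example of that comparison, not HSBC's own tooling; the field names, label states, serial numbers and locations are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Terminal:
    serial: str
    make: str
    model: str
    location: str
    label: str        # assumed states: "intact", "damaged", "missing"
    connections: int  # leads, plugs, aerials attached to the terminal

def compare(baseline, inspection):
    """Return (serial, finding) pairs for every deviation from the baseline."""
    base = {t.serial: t for t in baseline}
    seen = {t.serial: t for t in inspection}
    findings = []
    for serial, b in base.items():
        s = seen.get(serial)
        if s is None:
            findings.append((serial, "terminal not present"))
            continue
        if (s.make, s.model) != (b.make, b.model):
            findings.append((serial, "make/model differs from record"))
        if s.location != b.location:
            findings.append((serial, f"moved from {b.location} to {s.location}"))
        if s.label != b.label:
            findings.append((serial, f"security label was {b.label}, now {s.label}"))
        if s.connections != b.connections:
            findings.append((serial, f"connections changed {b.connections} -> {s.connections}"))
    # A device on the premises that was never recorded is also a finding.
    for serial in sorted(seen.keys() - base.keys()):
        findings.append((serial, "terminal not in inventory"))
    return findings

# Constructed sample data; serial numbers and locations are made up.
BASELINE = [
    Terminal("SN-0001", "ExampleMake", "X100", "till 1", "intact", 2),
    Terminal("SN-0002", "ExampleMake", "X100", "till 2", "intact", 2),
    Terminal("SN-0003", "ExampleMake", "W200", "floor (wireless)", "intact", 0),
]
END_OF_SHIFT = [
    Terminal("SN-0001", "ExampleMake", "X100", "till 1", "damaged", 3),
    Terminal("SN-0002", "ExampleMake", "X100", "till 2", "intact", 2),
    Terminal("SN-0099", "ExampleMake", "W200", "floor (wireless)", "intact", 0),
]

if __name__ == "__main__":
    for serial, finding in compare(BASELINE, END_OF_SHIFT):
        print(f"{serial}: {finding}")
```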