Fraud - The fight against credit card fraud
Forensic Focus - December 2009
Your credit card details are extremely valuable to criminals, both amateurs and organised rackets. Criminals can use this information directly to make purchases, sell it to other criminals through sophisticated businesses and markets, or both. Stolen card details can be sold for approximately NZD $5 to $60 each. And now, debit cards issued by Visa or Mastercard have also become a part of this picture.
Your card details can be compromised in many ways, including:
- Stealing your card
- Manually recording the details of your card when processing your transaction
- Obtaining the information from receipts
- Fitting “skimming” devices to card payment machines. These skimming devices electronically store your card details when you make payment
- Circumventing or breaching technology (hacking) to access or steal card information that is stored or being moved around
- Insider threat of employees or others trusted within your organisation misusing their access and knowledge of card information
- Accessing card information through vendors who provide services to your organisation and have access to your customers’ card information
If your organisation handles, processes or stores credit card details or provides services to those that do, there are two key reasons to ensure that your customers’ payment card details are not compromised:
Reputational risk
Your brand may suffer damage if customers’ payment card details are compromised at your organisation. The damage may be significant if many customers’ payment card details have been compromised and/or it is found that your organisation did not take sufficient care to safeguard them.
Financial risk
Any organisation that experiences a security compromise associated with card information can be immediately elevated to Level 1 status (the highest) at the discretion of the bank or the Payment Brands (Visa/Mastercard). As well as requiring you to meet the cost of external verification of compliance with the payment card standards, PCI DSS, the Payment Brand can impose punitive fines of up to US$500,000, require you to meet the subsequent costs of investigation, response and damages following a compromise, and/or withdraw your credit card merchant facilities.
Please contact Anu Nayar to find out more about how to ensure your organisation complies with the mandatory payment card standards and ensure your customers’ credit card details are not compromised.
Deloitte is the only “Big 4” professional services firm qualified as a QSA Company, and the only firm in New Zealand qualified for both PCI DSS and PA DSS assessment/advisory work.