The card payment industry is continually subjected to sophisticated attacks by fraudsters, designed to gain access to sensitive card data and confidential PINs. The level of sophistication and the amount of effort fraudsters are prepared to put into defeating the security measures continue to increase. This requires the industry to provide, as a complement to its multi-layered approach to information security, guidance that reminds stakeholders of their responsibilities in securing card payments.
Chip and PIN is proving highly successful in defeating certain malicious attack types. Within the UK there are now in excess of a million chip and PIN terminals and PIN entry devices. The UK industry continues to be proactive in seeking methods to improve the industry’s defence against attack, and the provision of good practice guidance helps all involved to defend card payments against the real threat of financial loss and reputational damage.
The guidelines (available for download below) are intended to be used by retailers accepting or intending to accept face-to-face card payments and are designed to complement card industry rules and regulations and advice given by point-of-sale solution providers (including banks and third-party suppliers). The advice and guidance offered should be considered when reviewing or developing security procedures and processes for the point-of-sale environment, particularly, but not exclusively, those relating to the acceptance of card-based transactions.
In providing general advice and guidance we recognise that a one-size-fits-all approach is inappropriate and that allowance must be made for the wide variation in point-of-sale configurations and also the level of resource available to be put into security measures. The purpose of this document is to assist understanding of the financial and reputational implications of the theft of assets, the re-introduction of fraudulent assets back into the live environment and the detection of any fraudulent assets.