Credit Card Theft: Protection and New Regulation


Credit card theft is on the rise. An estimated 60 million credit cards were stolen from U.S. card owners during a 12-month period, as reported by the threat intelligence firm Gemini Advisory, and 45.8 million of those credit cards were for sale on the dark web. Who's tracking down the sellers of the stolen information? How does a bad guy pay for a stolen credit card? How does an online merchant prevent fraudulent transactions? The only way a user can get their money back is to call the card-issuing bank. Yet, we all know how complicated this process can be.

What’s being done about it?

Currently, the Payment Card Industry Security Standards Council (PCI SSC) has a standard in place from 2008 that has been updated several times since then, most recently in 2016. PCI SSC publishes information about the current PCI standards to protect your business. One way a business can help protect payment card data is by configuring its network and firewall; PCI SSC offers a free download to help with firewall configuration.

In fact, PCI SSC has a plan to implement a new standard. However, it won't take effect until 2022, when the old system expires. The new system has been described as “transformational-a whole new expectation for developing and maintaining secure software”. Additionally, the new system will provide more support to ensure that payment software properly protects the privacy of the card and transaction data.

The key principles of the standard are:  

  • Critical access identification 
  • Secure default configuration 
  • Sensitive data protection 
  • Authentication and access control 
  • Attack detection 
  • Vendor security guidance 

It is still too early to know if the upcoming standards will prevent hackers from stealing credit cards.

So, how can we be proactive?

Tokenization and truncation are two technologies used to protect credit card information.  They can help prevent credit card theft at businesses.  But, how does this work? 

Tokenization, as defined by Visa, is a program that replaces the 16-digit account number with a unique digital identifier called a token. Through tokenization, there is no trace of the credit card information, since the card number itself is not visible. Consequently, there is no card number in that data for an attacker to steal.

Another technique is truncation. Truncation means to shorten or replace. Instead of all 16 digits of the credit card number being stored and saved, either the first 6 digits of the card or the last 4 digits of the card are saved. Truncation and tokenization are both promoted by the PCI SSC. The BIN, or Bank Identification Number, is the first 6 digits of the credit card. It tells the program what company the user banks with and who the card provider is. For example, Visa cards start with 4, while American Express cards start with either 34 or 37.
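The two techniques above, sketched in Python as an added example that is not part of the original article or any vendor's software. The function and class names are hypothetical, the card number is a public test number, and the in-memory vault stands in for a separately secured tokenization service.

```python
import secrets

# Prefixes named in the article: Visa starts with 4, American Express with 34 or 37.
BRAND_PREFIXES = {"4": "Visa", "34": "American Express", "37": "American Express"}

def luhn_valid(pan: str) -> bool:
    """Reject malformed numbers (wrong length or checksum) before they are stored."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def brand_from_bin(pan: str) -> str:
    """Look up the card brand from the leading digits, longest prefix first."""
    for prefix in sorted(BRAND_PREFIXES, key=len, reverse=True):
        if pan.startswith(prefix):
            return BRAND_PREFIXES[prefix]
    return "unknown"

def truncate(pan: str, keep: str = "last4") -> str:
    """Store either the first 6 digits (BIN) or the last 4; mask the rest."""
    if keep == "first6":
        return pan[:6] + "*" * (len(pan) - 6)
    return "*" * (len(pan) - 4) + pan[-4:]

class TokenVault:
    """Hypothetical in-memory vault standing in for a separately secured service."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        token = "tok_" + secrets.token_hex(8)   # random, so it reveals nothing about the PAN
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]        # only the vault can map a token back

if __name__ == "__main__":
    pan = "4111111111111111"                    # public test number, not a real account
    vault = TokenVault()
    print(brand_from_bin(pan), truncate(pan), vault.tokenize(pan))
```

The merchant's own records would hold only the token and the truncated value; the full number lives in the vault alone.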

Tips to avoid credit card theft

  1. Keep track of your credit card at all times.
  2. Never let your credit card out of your sight, especially when paying.
  3. Pay only at trusted websites with https:// (SSL).
  4. Don’t provide credit card information via email.
  5. Use Apple Pay or Google Pay.
  6. Keep your anti-virus software updated.
  7. Especially at gas stations, pay attention to the device where you are putting your card.

What to do if you have been hacked: 

If you’ve had the unfortunate pleasure of having your credit card stolen, it’s time to take action.  

First, you should advise the card issuing bank that your card has been stolen. Typically, they will ask you to verify the last 3 transactions on the card. If they don’t match up, they will freeze and/or cancel the card, then issue a new one. 

Besides reporting it to your bank, you can file a report with the Federal Trade Commission. You can submit a theft report through their website or call their toll-free hotline at 1-877-IDTHEFT (438-4338).  

Is your credit card terminal secure?

Does your credit card terminal have point-to-point encryption (P2P)? Give us a call.

Are you paying your payment processor an additional fee for P2P encryption? It's time to give us a call. Stillwater Payments provides point-to-point encryption on all our credit card terminals. There's no extra fee for it! Tokenization and truncation help eliminate credit card theft.

Need a check-up to make sure your payments are secure?

Call us @ 877-651-1655 to get an encrypted credit card terminal. 
