Retailers don’t even have to think about not leaving cash lying around, but these days thieves are cashing in on a different kind oversight by store clerks.
To a savvy crook, unattended point-of-sale terminals (PSTs) are as good as an open vault. Stealing PSTs to skim credit and debit card data stored there has become fairly commonplace in larger centres, but last week the trend hit locally.
On July 29, Yorkton RCMP investigated a suspicious incident at an area business.
Two males entered the store and ordered some items, but when the cashier turned her back, they swapped out the PST with another one. Suspicious, the cashier noticed the terminal appeared to have been altered. Further investigation by store staff revealed the machine had been tampered with and belonged to another local business.
Police are still not sure what the suspects’ end game was, but are warning businesses to be vigilant.
“You have to treat these machines as if they’re money,” said Cst. Josette Collette, the lead investigator on the case.
There are several ways in which criminals perpetrate fraud with PSTs. The first is to simply steal it, mine the credit and debit card numbers and PINs and create new credit cards or gift cards with the stolen data.
Another is to swap out a wireless device with a dummy (or another stolen) PST, then use the machine to refund cash into a bank account for withdrawal using the standard merchant security password.
An information bulletin from the “E” Division RCMP Federal Serious and Organized Crime Section suggests far too many businesses fail to change this password when they receive their PST.
The bulletin also gives merchants tips on how to prevent fraud including: changing the refund code regularly, limiting the number of staff members who know the code, having the PST provider limit the refund parameters on the machine, not leaving the devices unattended.