A number of news stories and some recent personal experiences illustrate why everyone in the electronic transaction payment loop needs to be paying attention to how his or her behavior can impact data security.
My teenage daughter and I started looking for a used car for her a few weeks ago. We went to all of the usual sources, including the local newspaper and the Internet.
On more than one occasion, after finding a car that fit our needs and my daughter sending off an email, the response came back — oddly — from someone who had moved overseas or was a member of the armed forces or had experienced a death in the family or the loss of a job. In all cases, they wanted me to wire the money and they promised to send the title after receiving payment.
I was able to use this as one of the (rare) moments when you can pass on a little knowledge to your teenager. Obviously, these were fraudulent situations just waiting for someone to send money.
Although skeptical of my suspicions at first, my daughter soon came to see — as the number of similar replies mounted up — that it really was a scam.
Recently, a major international retailer was the victim of another “good story.”
Someone called one of the retailer’s 24-hour locations at 1 a.m. and convinced the customer service desk clerk that the caller was from the retailer’s internal IT department and was doing some testing of the systems. The caller needed some “live” gift card account numbers activated and the corresponding “secret codes” located under the scratch-off section.
The caller ended up getting $11,000 worth of gift cards that had been activated and were able to be used at other locations before the morning shift arrived and realized what had happened.
The last situation recently came to light through a published story about another scam — a hardware “hack” of a multistate retailer. In this case, authorities suspect that a ring of thieves was going into stores and distracting the employees so that they could “swap out” the customer-facing payment devices (the retailer operates in a multi-lane environment within each of its stores). With the new terminals in use, they were able to sit outside the store with wireless computers and get copies of all the card data and PIN numbers (this retailer did not accept credit cards, only PIN debit).
In all three cases, the common theme is “Knowledge is Power.” Whether it is your teenager, your sales clerk covering a late shift, or your store manager, make sure everyone understands the importance of watching for the unusual. Just as important is to make sure everyone knows it is okay to question these unusual situations.
The world is full of scammers. We all need to be vigilant in protecting our customers’ data and our own resources.
John Mayleben is Michigan Retailers Association senior vice president, technology and product development, and a national expert on electronic payment processing.