Retailers Processing Network Blog

Guard credit card data like cash

Retailers Processing Network - Saturday, November 12, 2011

While waiting in line at a local fast food restaurant recently, I noticed a sign that you would normally only see in the breakroom or on an employee bulletin board out of sight from the customers.

It was titled (in the giant-sized headline usually reserved for major news events) “Credit Card Fraud is a Federal Crime” and went on to advise the employees of this chain of restaurants that capturing, or “skimming,” a card number from a customer’s card is a crime, even if you don’t use the card number to purchase something.

The simple act of skimming the card number with the intent to sell or give it to a bad guy can result in a 10-year sentence at the federal level, plus other state laws may also apply.

This notice reminded me that, much like shoplifting, you can’t just work on protecting your company from outside bad guys. The sorry fact is that you also need to look inward to make sure you have appropriate procedures in place for staff.

As with theft of merchandise, the inside job will probably result in a higher loss and go on for a lot longer.

If you have not already done so, you should take a minute and watch what happens to a credit card transaction within your business and see if you can determine weak points in the process.

You should be watching for points where card data are left “alone” with just one person. Does the employee take the consumer’s card (or the card information in a non face-to-face transaction) and have time to secretly record this data?

While most transactions in a face-to-face environment occur in front of the consumer, and in theory the consumer is watching the card during the transaction, some don’t. These include a drive-through shopping experience or a sit-down restaurant.

Some businesses offer shopping experiences where there may be a time that the customer is not near the credit card terminal during the transaction. If your business model has these types of situations, you should be even more alert to behaviors of staff members and to calls from cardholders indicating anomalies with their cards after purchasing something from your store.

In one recent case, a retailer hired a staff member who was fluent in a second language to handle calls from customers who did not speak English. Knowing he was the only employee who spoke the other language, the employee decided to steal card data only from customers who spoke that language. He knew that any complaints would be routed through him for translation, and he could control the situation.

Think of card data as cash. You have systems and procedures in place to control access to cash, and you should be doing the same thing with card data!

John Mayleben, CPP, is RPN senior vice president technology and new product development and a national expert on electronic payment processing. Contact John at

Recent Posts



    Copyright © 2016 Retailers Processing Network | 603 South Washington Avenue | Lansing, MI 48933

    Toll-Free: 866.791.6099 |

    Powered By: Easyfish Marketing