KnowBe4 PCI Security Tips - Credit Card Fraud: How does it happen?

In an age of digital scams, it is important to be aware of all the various ways credit cards and credit card information can be compromised. Here are a few common ways sensitive information can be obtained:

  • Skimmers - malicious card readers which are placed discreetly over credit card and debit card insertion points. These devices can record confidential information contained on the card and are often coupled with a hidden camera to record keystrokes of a PIN or other personal information.
  • Magnetic Card Readers/RFID (radio-frequency identification) readers - devices which can record the information contained in the magnetic strip on the card when the card is used to make a purchase. Once information is obtained, any card with a magnetic strip can have that information loaded onto it, and it can then be used for transactions.
  • Imprint Machines - card imprint machines make paper copies of sensitive card information when transactions are made. They can be stolen or compromised, so they must be disposed of properly, according to company policy.
  • Social Engineering and Hacking - a hacker or cybercriminal may attempt to phish sensitive information out of unsuspecting employees in a number of different ways. Once an employee opens an email attachment riddled with ransomware or clicks on a link that leads to a malicious website, their company could be at risk of a dangerous data breach. Below are two common methods hackers use to obtain sensitive cardholder data:
    • Keyloggers - programs that can be installed on a computer without the operator being aware. These can record every keystroke, including credit card information. These programs can be unintentionally downloaded if you click on attachments or open links without checking for red flags and verifying the safety of the email first.
    • Computer Servers - when credit card information is stored on a computer server, that server must be carefully protected, both digitally and physically. If the server gets stolen, hackers can pull the sensitive data that they need.

Data breaches of sensitive information are often caused by an unsuspecting employee falling for social engineering techniques. Always stop, look, and think before you click on a link, respond to an email requesting sensitive information, or open up an attachment from any sender when you weren't expecting it to arrive. Verify the sender's legitimacy and intention first. Do your part to keep sensitive information safe at all times.
The tips included in this message are meant to remind you to keep sensitive information secure. 

Stop Look Think - before you click.
The KnowBe4 Security Team