Secret Service sends a message about POS fraud
Though accepting payment cards is convenient for customers, business owners should make reasonable efforts to secure their information
When most people think of the Secret Service. they think of protection – protecting the President of the United States, presidential candidates, the vice president, their families and visiting foreign dignitaries. They also might think of the agency’s role in stopping the counterfeiting of the national currency — in fact, the agency was first established by Congress in 1865 to investigate the rampant counterfeiting taking place in the wake of the Civil War.
What people may not know is that there is a Secret Service office in Manchester and that the agency’s mission has evolved along with rise of Internet and online electronic payment systems to include emerging financial, electronic and cybercrimes.
The ubiquitous POS, or “point of sale,” systems that businesses and consumers use daily have become prime targets of data fraud and identity theft criminals and organizations across the globe.
With the development of alternate currencies, the agency’s responsibilities have further expanded to include other financial frauds, said Holly Fraumeni, the supervisory special agent that oversees Secret Service functions for the federal districts of New Hampshire and Vermont. She said the Secret Service communicates directly with the business community to offer advice on how to protect themselves from fraud and warn them of the latest fraud schemes.
“One of the messages we like to get out to the business community involves the awareness of network intrusions, wherein bad actors steal payment card data,” said Fraumeni, an agent for 25 years. “In this age of the Internet, criminals no longer need to throw a rock in your storefront window to break in and steal – they can easily “reach in” from anywhere around the world where there is Internet access, and you may not even know it while it is happening.”
She said that among the recent trends in computer crimes are those involving point-of-sale transactions.
POS terminals refer to the now-commonplace equipment used for currency transactions most typically found at merchant checkout counters, such as cash registers, barcode scanners and card readers. They interface with a computer system to process electronic payments online, and Fraumeni explained that just being connected to the Internet makes this information vulnerable, worldwide.
Though accepting payment cards is convenient for customers, the business owner needs to make reasonable efforts to secure their information, she said.
Business owners can take a number of easy steps to protect themselves. “When a vendor first installs a POS system, they utilize simple, standard default passwords,” Fraumeni said. “When cyber criminals are ‘surfing’ for victims and sources of personal and financial data, they have the technical acuity to scan for such passwords and exploit databases. To help deter this, business owners need to change these default passwords to something more unique and complex, such as pass ‘phrases’ that incorporate special characters as well as numbers.”
According to Fraumeni, financial data and personal identity thieves are branching out to use stolen data in a wide range of criminal activities and increasingly through payment systems whose legitimacy could be questioned.
In the spring, the Secret Service and other federal agencies shut down an alleged multinational money-laundering scheme run by Liberty Reserve, arrested five current and former executives and seized $20 billion in assets.
According to the federal government, Liberty Reserve — a Costa Rica-based centralized digital currency service and payment processor — had approximately a million users worldwide with more than 200,000 users in the United States. It’s estimated that the company processed more than 12 million financial transactions annually with a combined value of more than $1.4 billion.
The government said Liberty Reserve made no efforts to verify the identities of its users.
Overall, Liberty Reserve processed an estimated 55 million separate financial transactions and is believed to have laundered more than $6 billion in criminal proceeds in seven countries, including Spain, Costa Rica, the Netherlands and the United States.
Though it may seem like an obvious recommendation, it’s easy to take software security for granted. Fraumeni said it’s important to keep software protection updated.
“POS software applications and antivirus software become outdated, as does antivirus software,” she said. “The updates can help prevent unauthorized access, intrusions and attacks by recognizing malicious software, as it is currently defined. And, of course, ‘firewalls’ are the first line of defense against bad actors, whether it’s a software or hardware.”
One of the biggest protection efforts that business owners can make is equally obvious but often ignored, she said. “Access to the Internet should be restricted to conduct POS-related activities only,” Fraumeni said. “Users who ‘surf’ the Internet or access their web-based email or social media can unintentionally expose the system to security threats. And, of course, disallow remote access to POS networks, at all times.”
Fraumeni said when she meets people in public, she is usually asked about the protection work she and fellow Secret Service colleagues do, but she isn't often asked about fraud protection.
For those who are also concerned about counterfeiting, Fraumeni said that the public can refer to the “Know your Money” section of the Secret Service website (secretservice.gov) to learn about how to detect counterfeit currency and guard against forgery loss.