This year we have seen major retailers like The Home Depot and Target hacked. But are scammers and hackers just interested in big business? By no means. Here's what we've seen happen this year IN PORTLAND.
The Scam: In a recent report from a NE Portland merchant we saw a customer's credit card number stolen and used overseas. An honest employee entered a loyal customer's credit card into their computer to process an online order through the merchant's virtual terminal. Unfortunately, the employee's personal computer (a Mac) was infected with spyware. The credit card number as entered into the computer was sent back to thieves listening in over the Internet.
How to protect: Always use antivirus/malware/spyware protection on every computer used to process credit cards. Even a Apple computers are vulnerable. We recommend MacKeeper for Mac, and Norton or McAfee for Windows. Keep the software current and scan the computer every week.
2. Visa Gift Card.
The Scam: In a downtown shop on November 5 (this year), a man walked in and picked out over $1200.00 in merchandise. He then offered to pay with his Visa Gift Card. It came back "declined". Then he called someone from his phone, claiming that it was Visa. The person on the phone walked the cashier through getting the terminal to print a receipt. The receipt didn't look normal. It said "Approval Offline" and it was designed to deceive. The scammer walked out with the merchandise and the merchant was paid nothing.
How to Protect: Never allow the customer to call his own number for the credit card. Always call the number from the back of the card yourself from your phone. This scam could be done with MasterCard, Discover, or American Express gift cards as well.
If the terminal says "Declined" you will need to accept a completely different card.
If the terminal says "Approved Offline" it means that the approval has not been received from the bank.
3. When Telemarketers Say "Your Terminal is Not PCI Compliant."
The Scam: A merchant services company in Portland is calling merchants pretending to be your current credit card processing company. They start with something like "Hi, this is ______. I'm calling from merchant services to let you know that your terminal is not PCI Compliant. To protect you from fines and fees, we need to upgrade your terminal."
How To Protect: Ask them directly if they are your current merchant services company. Ask them their company name. Of course we will never call you asking you for information. Why would we? If you are an ePOS customer, you know we already have your account information and know you by name.
I hope this helps and I hope everyone has a prosperous and happy fourth quarter!
Jason Hanson, ePOS