AFP arrests credit card fraud syndicate: Five ways to stop it happening to your business

Seven people have been charged after allegedly taking part in one of Australia’s largest cases of credit card theft – and the case has retailers thinking twice about their online security.

The criminal syndicate allegedly behind the fraud gained access to half a million cards. They used 30,000 numbers for fraudulent transactions, totalling more than $30 million.

The Australian Federal Police confirmed yesterday that seven people have been charged through an investigation codenamed Operation Lino, which began in June 2011 when the AFP received a tipoff from a financial institution. The credit card data was being used to create fake credit cards to make transactions across the world.

And while no Australian has lost any money as a result of the syndicate, security experts continue to warn SMEs that it’s still important to keep a keen eye on financial fraud prevention systems.

Here at SmartCompany, we’ve covered several businesses that have fallen victim to financial fraud. But not every business has to enter disaster mode after a breach – recently Pizza Hut managed to escape a cyber-attack without having any credit card data stolen at all.

There are ways you can keep yourself and your customers safe. Here are five methods you should implement to protect yourself from credit card fraud:

1. Change your passwords from the default

A lot of retailers don’t understand how to use complicated point of sale technology. Michael McKinnon, a security expert at AVG, says it’s common for business owners to continue using the default password for their equipment.

That is often a mistake.

“[Equipment manufacturers] have default passwords and they rarely change. You should change [the password] as soon as possible,” McKinnon warns.

2. Monitor working from home

We’re all about teleworking these days, but McKinnon says you need to be extra careful when you’re using remote login stations. These systems can be vulnerable, allowing fraudsters to break in and do damage.

“[Remote login stations] can be dangerous, if the password being used is not secure. If any of those credentials are discovered by a hacker, they can log in to the retail shop and do some damage with skimming software,” McKinnon says.

3. Secure your backups

If you’re a savvy business, you’ll already have backups of all your data. But beware of what you’re actually saving.

The data you back up could include credentials that give access to your credit card data, and you certainly don’t want to be caught out by a fraudster who has discovered a treasure trove of old numbers.

4. Separation of duties

Your employees need to operate on a “need to know” basis, according to McKinnon.

Minimise the number of people who have access to your financial data, and the chances of that information falling into the wrong hands are greatly reduced.

“Investigators will follow the money, so to speak. If business owners want to use that same strategy, it’s a good thing to do. Always review places and people who have access to this type of material,” McKinnon says.

5. Don’t even store credit card data at all

McKinnon points out that a growing number of websites are bypassing the need to store credit card data at all. Realising that holding onto the information makes them legally vulnerable, more businesses are outsourcing the storage of sensitive financial data.

“Even some of the largest businesses I’ve seen are handing that risk off to another provider. It’s all about protecting your own business,” McKinnon says.
