Retailers urged to improve security against card fraud

A GARDA expert on payment-card fraud has urged retailers to improve their security procedures and technology in an effort to …

A GARDA expert on payment-card fraud has urged retailers to improve their security procedures and technology in an effort to avoid a repeat of two large-scale card frauds that have emerged this week.

Det Insp Denis Heneghan of the Garda Bureau of Fraud Investigation (GBFI) said sophisticated organised crime gangs with very advanced technical expertise were now selectively targeting major retailers in the Republic.

Stores were being targeted during busy periods when thousands of payment cards could be skimmed and cloned in a very short time frame.

"Retailers should verify that anybody coming in claiming to be carrying out work on payment terminals is who they say they are," Det Insp Heneghan said.

READ SOME MORE

"Payments systems technology should also be able to alert the retailer every time a terminal is disconnected and reconnected. Every time that happens an explanation should be sought," he said.

Such software was vital to foiling the skimming and attempted cloning of more than 9,000 payment cards on the east coast last weekend.

Det Insp Heneghan, who is the head of payment card fraud unit in GBFI, said retailers should also take basic steps to improve physical security, such as CCTV systems, in a bid to more closely monitor their card payment systems.

"Retailers should also designate responsibility for the security of payment systems to one staff member so there's continuity," he said.

Det Insp Heneghan was speaking after it emerged a crime gang had skimmed and cloned several thousand cards after targeting a busy supermarket just outside Galway City over the past month.

It is believed the gang deliberately targeted the shop during Galway's busy festival and holiday season. Information skimmed from cards had been used to make cloned cards on which large sums of money were withdrawn in Canada and Italy before the scam came to light.

The cloned cards could not be used here because of chip and PIN technology at payment terminals. The main banks and credit card companies are still trying to assess their exposure to the unfolding Galway scam but a number of sources have confirmed "thousands" of cards have been compromised.

Some card holders had several thousand euro stolen before they realised their cards had been compromised.

News of that case emerged in The Irish Times yesterday following revelations about another similar scam on the east coast last weekend in which over 9,000 cards were skimmed.

In both cases the criminal networks responsible doctored payment terminals in targeted shops. And in both cases a range of cards were targeted including laser, ATM and credit cards from all of the major banks and credit card companies.

A UK gang is suspected of the east coast attempted fraud while an Eastern European gang is suspected in the Galway case. Gardaí investigating the fraud in Galway at first believed data had been skimmed from cards via small hand-held devices used by people with access to the cards during in-store transactions.

However, following initial analysis of point-of-sale terminals taken from the shop it has been established that the terminals were tampered with and fitted with technology with the capability of skimming every card, and PIN, that was used to make a purchase.

The east coast scam involved 47 tampered devices in five major retail outlets in the east and north east of the Republic. No shops in Dublin were targeted. The devices on the east coast were tampered with by men posing as maintenance engineers. It is still unclear how and when the payment terminals in the Galway shop were interfered with.

Conor Lally

Conor Lally

Conor Lally is Security and Crime Editor of The Irish Times