Advice to Retailers regarding the Security of PIN Entry Devices (PEDs)

Criminals have found it possible to insert data capturing equipment into retailer terminals which are used to input credit and debit card transactions at retail outlets. These terminals are also known as PIN Entry Devices (PEDs).

The method involves the theft of PEDs from stores and retail outlets. The stolen PEDs are re-engineered and fitted with additional equipment inside. It should be noted that the criminals have overcome the security features of several different manufacturers. The compromised devices are then installed into a retail outlet, such as a supermarket or petrol station (often with the assistance of a collusive member of staff), and card details and PINs are captured from transactions. This data is transmitted to the criminals, who then use it to create fake payment cards that are used abroad at non-Chip & PIN terminals.

What can you do to prevent this occurring?

Review current security around your PEDs, including:
  • Ensure your PED estate is fully audited and recorded (i.e. serial numbers, any other identifying numbers, and the outlet and till at which each device is deployed).
  • Review placement of internal CCTV cameras to cover till areas.
  • Review those who have access to recording equipment. On occasion, when PEDs have been stolen or replaced in the past, CCTV has been turned off or cameras turned away from the criminal activity.
  • When returning PEDs to your acquiring bank due to a breakdown, ensure the return is properly recorded and that returns to the manufacturer are audited. Cases in other countries show that some returned PEDs have subsequently been found to have been tampered with and reused to commit crime.
  • Consider how such a device may be placed at your premises. Staff members may be approached and offered money or other rewards to facilitate the placing of corrupted PEDs at your outlets. Encourage staff to report anybody approaching them in this way.
  • Consider IT solutions that are available to detect PED replacement on the system, such as monitors which show if devices have been uninstalled for a period of time. For more information on the systems available, contact your acquiring bank or integrated terminal provider.
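
A sketch of the register audit and replacement monitoring described in the list above, as an added example that is not part of the original advisory or of any vendor's product. The log format, serial numbers, outlet names and the 15-minute threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed asset register: (outlet, till) -> PED serial number.
REGISTER = {
    ("Store-01", "Till-1"): "PED-1001",
    ("Store-01", "Till-2"): "PED-1002",
    ("Store-02", "Till-1"): "PED-2001",
}

# Constructed event log: timestamp, outlet, till, reported serial, event.
EVENTS = """\
2024-03-04T08:00:00 Store-01 Till-1 PED-1001 connect
2024-03-04T08:00:05 Store-01 Till-2 PED-1002 connect
2024-03-04T13:10:00 Store-01 Till-2 PED-1002 disconnect
2024-03-04T13:55:00 Store-01 Till-2 PED-9999 connect
2024-03-04T14:00:00 Store-02 Till-1 PED-2001 disconnect
2024-03-04T14:02:00 Store-02 Till-1 PED-2001 connect
2024-03-04T15:00:00 Store-02 Till-1 PED-1001 connect
"""

def audit(log_text, register, max_gap=timedelta(minutes=15)):
    """Return a list of (timestamp, location, finding) tuples."""
    findings = []
    known = set(register.values())
    down_since = {}  # location -> time of last disconnect
    for line in log_text.splitlines():
        ts_s, outlet, till, serial, event = line.split()
        ts, loc = datetime.fromisoformat(ts_s), (outlet, till)
        if event == "disconnect":
            down_since[loc] = ts
            continue
        # On connect: how long was this till without a PED attached?
        start = down_since.pop(loc, None)
        if start is not None and ts - start > max_gap:
            findings.append((ts_s, loc, f"offline {ts - start}"))
        # Compare the reported serial with the audited register.
        if serial not in known:
            findings.append((ts_s, loc, f"unregistered serial {serial}"))
        elif serial != register.get(loc):
            findings.append((ts_s, loc, f"serial {serial} belongs to another till"))
    # Tills that were disconnected and never came back.
    for loc, start in down_since.items():
        findings.append((start.isoformat(), loc, "disconnected, not yet reconnected"))
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS, REGISTER):
        print(*finding)
```

A short disconnect followed by the same serial returning (Store-02 at 14:02) produces no finding; each finding is a prompt to inspect the device and review CCTV for that till and time.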


What Action to Take:

1.   PED Theft

If you discover that a PED has been stolen:
  • Contact the Gardaí and report the theft
  • Secure any CCTV images of the theft
  • Retain any other evidence such as details of witnesses, staff or otherwise for the investigating officer
  • Advise your acquiring bank or processor
  • Follow all procedures in line with your own company’s policy

2.   PED Compromise

If you believe that one or more of your PEDs have been compromised or tampered with:
  • Remove the device and retain it securely. Seal it in a tamper-proof bag if available
  • Record the exact date and time the PED was disconnected from the system or ‘powered down’
  • Contact the Gardaí and your acquiring bank or processor immediately to report the incident
  • Contact your company security and comply with your company policies in this regard
  • Secure any CCTV evidence and retain staff records

5th Floor, Nassau House, Nassau Street, Dublin 2 
T: +353 1 6636740 F: +353 1 2843409 E: info@ipso.ie
Company Registration Number: 267239

Copyright IPSO ©