Just like infamous bank robber Willie Sutton, credit card crooks go where the money is, and they’ve already shown their hand when it comes to Gaming Entertainment. The frequency and sophistication of cyber-attacks and card skimming is increasing. At the same time, casinos are embracing new technologies for mobility, self-service and more to connect with and develop a more meaningful relationship with their guests. While the benefits are clear, casinos must do more to mitigate the risks to their guests, their brands, and – ultimately – their profitability.
According to a 2017 Identity Fraud Study by Javelin Strategy & Research, 15.4 million U.S. consumers were victims of identity fraud in 2016, up by more than 2 million over 2015. The cost of that fraud was $16 billion, up almost $1 billion from the previous year. The Nilson Report, a payment industry publication, estimated that payment card fraud would reach almost $28 billion in 2017, and nearly $33 billion in 2019.
Skimming is on the rise
ATMs, merchant card readers and payment kiosks are a favorite target for skimming. According to FICO, the number of hacked readers at ATMs, restaurants and merchants it monitored rose 30% in 2016, while the number of payment cards compromised at ATMs and merchants rose by 70%. In March 2017, the U.S. Attorney’s Office for the District of Nevada announced the indictment of 21 individuals accused of using skimmers on casino ATMs, TITO kiosks, and other means to capture card data. That data was used to create counterfeit credit and debit cards that were used for fraudulent debit and credit card cash advance transactions at Las Vegas casinos and elsewhere, as well as to make purchases at high-end boutiques.
Data breaches remain a threat
In recent years, many hospitality organizations including several casino operators have discovered breaches, often involving payment card systems. Hackers equipped with sophisticated tools continuously search for vulnerabilities in the security chain—even fish tanks—that give them access to network assets. Cyber-criminals aim to steal consumer financial and personal data that can be used to create cloned credit and debit cards, or even open up fraudulent card accounts. Casinos must be on alert 24x7 to try and stop cyber-attacks, but criminals only need to be lucky once.
Layered security provides the best risk mitigation
The worldwide implementation of EMV chip-card technology is a major step forward in countering card fraud at the point of sale. According to Visa, U.S. merchants who adopted chip card acceptance devices experienced a 66% decrease in counterfeit fraud volume in September 2017, compared to the same month in 2015. Yet, EMV accounted for less than one-third of U.S. card transactions as of July 2017.
Regardless, EMV alone doesn't prevent the misuse of electronic data compromised in a network breach. When the UK switched from magnetic stripe to EMV cards in 2004, fraudulent transactions completed online and via telephone (card not present) grew from 30% to 69% over the 10 years that followed. The ongoing cat-and-mouse game between cyber-criminals and businesses means that Gaming Entertainment companies need a multi-layered security strategy to protect their finances and their customers. Encryption, tokenization and physical security all must play a role in mitigating fraudulent card theft.
Are you secure?
Your payment solutions provider plays an important role in keeping your guests, your reputation and your profitability safe. As a division of Global Payments, security is an integral layer in all of our solutions. Contact us today by completing the form at the bottom of this page to schedule a security consultation.