PCI: Pinpad Security, Get A Grip

Do you have Dec. 31, 2007, clearly marked on your calendar? How about July 1, 2010? If not, take out a red pen. The first date is the last day on which acquirers can purchase Visa-approved PIN entry devices (PEDs).

Second is the date by which PEDs deployed before Jan. 1, 2004 - when Visa U.S.A. established its PED standard - must be removed from service.

PED security is a major issue for merchants, even if they're not yet fully aware of it. The experience of Stop & Shop Supermarket Cos. should be a call to action for you and your customers.

In February 2007, the company reported it had discovered tampering at several of its stores. Spyware had been inserted into PEDs to capture card data and PINs.

The compromised systems appear to involve devices that predate the Visa PED security standard.