Protecting Yourself Against Portable Point-of-Sale Scams

With the increasing prevalence of contactless payment systems, thefts involving portable point-of-sale (POS) devices are resurging. These thefts, characterized by their rapid execution, are often difficult to detect. Business owners must consider the real risks posed by these scams and explore effective ways to mitigate them.

Recent Incident in Sorrento

A notable case of POS theft occurred recently in Sorrento, Italy, where an individual attempted to pilfer €100 from a bar’s cash register. Authorities reported the apprehension following a tip-off from the news agency Ansa, which revealed that a modified portable POS terminal was discovered during the suspect’s arrest. This incident underscores a troubling trend, as the suspect had previously been arrested in Rome for similar offenses involving such devices.

The terminal identified in this case resembles the SumUp Solo, a widely used portable POS that operates without a smartphone connection. These devices have gained traction due to their affordability and ease of use, particularly in markets and small stalls. The increased accessibility of such technology makes it a favorable tool for thieves, compounding the challenges for businesses and consumers alike.

Methods of Operation

Thieves using portable POS terminals typically follow one of two strategies. The first involves stealing wallets and then running a series of low-value transactions on the stolen cards (transactions that do not require PIN entry) before discarding the wallets once the cards hit the limit. This method capitalizes on the speed of contactless payments.

The second approach involves targeting bustling public spaces, allowing the perpetrator to create payment requests on a portable POS while unobtrusively approaching potential victims. The close proximity required for these transactions means the thief relies on chance encounters to succeed. However, the success rate of such scams is not high due to several factors, including the immediate need for confirmation of the payment and the requirement for the POS terminal to be in close range of the victim’s card. These operational challenges highlight the necessity for vigilance in crowded areas.

Cybersecurity Considerations

Business owners should be aware that the risk of these scams extends beyond traditional theft. Wallets placed visibly in back pockets can be susceptible not only to conventional theft but also to more sophisticated scams involving contactless technology. To counteract this risk, it is advisable to utilize wallets equipped with RFID-blocking capabilities, creating an additional layer of defense against unauthorized transactions.

Furthermore, enabling notifications for all contactless transactions through bank apps can alert users to unauthorized charges quickly. Thieves often target small amounts, banking on the likelihood that victims may overlook minor withdrawals. If a scam is suspected, contacting the bank immediately to dispute charges is critical, as digital transactions leave an audit trail that can assist in tracking the unauthorized device.
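The pattern described above, a run of small contactless payments that need no PIN, is what a transaction-alert rule can look for on the account side. The following is an added example, not code from the article or from any bank: the record layout, the 50.00 no-PIN ceiling, the 15-minute window, the burst size and the sample transactions are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from decimal import Decimal

# Assumed policy values, not taken from the article; real limits vary by issuer.
NO_PIN_CEILING = Decimal("50.00")    # largest payment accepted without a PIN
WINDOW = timedelta(minutes=15)       # how close together payments must be
BURST_SIZE = 3                       # no-PIN payments in WINDOW that trigger an alert

# Constructed sample feed: (time, card, amount, terminal, entry mode, PIN verified)
SAMPLE = [
    ("2024-05-01T10:00:00", "card-A", "4.50", "term-cafe", "contactless", False),
    ("2024-05-01T13:02:00", "card-A", "48.00", "term-x1", "contactless", False),
    ("2024-05-01T13:04:00", "card-A", "49.50", "term-x1", "contactless", False),
    ("2024-05-01T13:07:00", "card-A", "47.00", "term-x1", "contactless", False),
    ("2024-05-01T13:09:00", "card-A", "45.00", "term-x1", "contactless", False),
    ("2024-05-01T09:00:00", "card-B", "12.00", "term-shop", "contactless", False),
    ("2024-05-01T09:05:00", "card-B", "8.00", "term-bar", "contactless", False),
    ("2024-05-01T09:06:00", "card-B", "120.00", "term-bar", "chip", True),
    ("2024-05-01T08:00:00", "card-C", "20.00", "term-a", "contactless", False),
    ("2024-05-01T08:30:00", "card-C", "20.00", "term-b", "contactless", False),
    ("2024-05-01T09:00:00", "card-C", "20.00", "term-c", "contactless", False),
]

def find_bursts(rows):
    """Return one alert per run of BURST_SIZE+ no-PIN contactless payments within WINDOW."""
    by_card = defaultdict(list)
    for ts, card, amount, terminal, mode, pin_ok in rows:
        amt = Decimal(amount)
        if mode == "contactless" and not pin_ok and amt <= NO_PIN_CEILING:
            by_card[card].append((datetime.fromisoformat(ts), amt, terminal))
    alerts = []
    for card, txns in sorted(by_card.items()):
        window, run = deque(), None
        for txn in sorted(txns):
            window.append(txn)
            while txn[0] - window[0][0] > WINDOW:   # drop payments older than WINDOW
                window.popleft()
            if len(window) < BURST_SIZE:
                run = None                          # burst over; a later one is a new alert
            elif run is None:
                run = list(window)                  # burst starts: keep the whole window
                alerts.append((card, run))
            else:
                run.append(txn)                     # burst continues
    return [{"card": c, "count": len(r), "total": sum(a for _, a, _ in r),
             "terminals": sorted({t for _, _, t in r}),
             "start": r[0][0], "end": r[-1][0]} for c, r in alerts]

if __name__ == "__main__":
    for alert in find_bursts(SAMPLE):
        print(alert)
```

Only card-A is flagged in the sample; the isolated coffee purchase, the two-payment sequence on card-B and the payments spread across an hour on card-C stay below the rule.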

Modern smartphones, which are now commonly outfitted with NFC chips, add another layer of security. The necessity for the smartphone to be unlocked before a transaction can occur significantly curtails the effectiveness of portable POS scams. This security measure acts as a barrier, ensuring that even if a POS terminal is placed near an unattended phone, a transaction cannot be completed.

As incidents of portable POS theft continue to emerge, businesses must remain vigilant and implement robust security measures to safeguard against these evolving threats. Understanding the tactics outlined in the MITRE ATT&CK framework can be invaluable for identifying potential vulnerabilities and bolstering defenses against contactless payment fraud.
