kiosk security manual
TRANSCRIPT
Kiosk Security Manual
Technician
June 23rd, 2015
This document is property of U.S. Payments LLC and contains confidential information. U.S. Payments, LLC deems any information, policies and/or related procedures that contain i) data processing or management information or systems including, but not limited to, hardware, software and technical specifications and technical information pertinent thereto; (ii) intellectual property; (iii) system architecture, structure, operational and technical information; and (iv) any information in any manner ancillary or pertinent to any of the foregoing to be confidential and proprietary information. As a result, the following document is considered confidential. Any reading, dissemination, forwarding, printing, copying or other use of this informat ion is strictly prohibited without the express written consent of U.S. Payments
Kiosk Security Manual Page 2 of 7
Detecting Skimming Devices Skimming devices can come in all shapes and sizes. Typically, compromised Credit Card Readers will have signs of tampering including:
• Wires connecting the Credit Card Reader are replaced with wires that aid in the capture of
card data. • Plastic “Skimmer” devices that are affixed to the mouth of a Kiosk and secretly copy credit
and debit card information.
In line with today’s rapid technological advancements, skimming devices improve quickly and are harder than ever to detect.
Detecting Tampering or Substitution Evidence of tampering or force entry to the Paysite kiosks could include:
• Marred or damaged locks • Scratch marks or dents near access areas or components • Kiosks left unlocked • Model or serial number of credit card reader does not match records
Inspection Frequency PaySite Kiosks will be inspected for evidence of tampering and the presence of skimmers prior to:
1. Cash Servicing 2. Re-loading paper or other consumables 3. Troubleshooting any technical issue 4. Replacement of components
Kiosk Security Manual Page 3 of 7
Kiosk Access Prior to accessing the kiosk, you should inspect the outside for evidence of tampering. (Examples of tampering could include lock damage, skimmers placed on the credit card reader, etc.) See pictures below of the external facing Credit Card Readers installed on PaySite kiosks (Figures 1 and 2). Feel around the outside front of the credit card reader to verify nothing is affixed to the reader. If any tampering is suspected, immediately contact U.S. Payments support at 888-694-2670.
Figure 1: Indoor model Kiosks
Figure 2: Outdoor model Kiosks
Kiosk Security Manual Page 4 of 7
Once internal access to the kiosk is established, verify there is no evidence of tampering with the internal workings of the credit card reader, examples of tampering could be additional wires clipped onto the credit card reader, or additional hardware mounted onto the reader itself. See pictures below of what the credit card readers installed in PaySite kiosks should look like (Figures 3, 4, and 5).
Figure 3: Outdoor model Kiosks, note 1 mini USB cable coming off the back of the reader and 2 wire bunches containing 2 wires each (2 red, 2 green, 2 yellow, 1 black)
Figure 4: Indoor model Kiosk Gen 2 Reader, note 1 mini USB cable coming off the back of the reader and 2 wire bundles containing 2 wires each (2 red, 2 green, 2 yellow, 1 black)
Kiosk Security Manual Page 5 of 7
Figure 5: Indoor model Kiosk Gen 1 Reader, Note 1 Molex cable coming off the back of the reader with 5 wires (2 black, 1 green, 1 white, 1 red) also 2 wire bundles 5 wires each (2 green, 2 red, 1 black)
Once this inspection is complete, if no issue is detected, no report to U.S. Payments is necessary. Incident Response
In the event tampering or skimmers are detected, the kiosk will be shut down immediately by the individual performing the inspection and U.S. Payments will be notified at 888-694-2670. U.S. Payments will dispatch a technician to assess and resolve the issue. Any parts that could have been compromised will be replaced and brought back to U.S. Payments for inspection. U.S. Payments will also work with the location to determine when the tampering happened, and adjust any policy or behavior that may have allowed this tampering to occur.
Kiosk Security Manual Page 6 of 7
Contacts
U.S. Payments Logistics Support [email protected] 888-694-2670
Sean Morris Manager, U.S. Payments Logistics Support [email protected] 918-728-3815
Daniel Price Network Analyst, U.S. Payments [email protected] 918-728-3810
Field Service Report
Subscriber
U.S. Payments SO#
End User Contact Phone
Member Company
Technician Name (Printed)
Enduser Name (Printed) Technician Signature
Enduser Signature Activity Summary
Date Arrive Time
Depart Time
Travel Hours
Miles
Equipment Model
Serial Number
Trip 1
Expect
Trip 2
Actual
Trip 3
Action Taken
Kiosk Security Acknowledgement (Tech to fill this out and sign it)
I certify that I have read and understand the Kiosk Security Document and have followed all procedures within. I verify that there is no skimming device on the kiosk that I have serviced on this day.
Kiosk #
Address
City, State, Zip
CC Serial # (Old if applicable)
CC Serial # (Current)
Date
Technician’s Printed Name
Technician’s Signature
This document should be emailed with the SO# in the subject line to ServRight at [email protected]
Expenses Shipping Tracking Numbers
See bottom of page 2 for instructions FSR Must be sent to ServRight within 24 hours after being on site to be paid for the service order
Field Service Report
Tolls Parking Misc. – Requires pre-approval
Use Adobe Acrobat Reader for both Android and iPhones which is free at Play Store. Use it to fill out this form, you can add text, use voice input, add pictures of receipts, then sign and send the document to ServRight. Once you added your receipts and signatures, share the file and send the FSR as an attachment to [email protected] with the SO# in the subject line. The FSR is then deposited right into the service order which will greatly improve the process and decrease the processing time of payments. Android https://play.google.com/store/apps/details?id=com.adobe.reader Apple https://play.google.com/store/apps/details?id=com.adobe.reader.intune Create a signature and add receipts
1. With the annotations menu open, tap and . 2. Tap where you want to add your signature. If no signature has been previously stored on the device, the Create
Signature panel appears. 3. Do one of the following: 4.
Hand draw a signature.
Tap to choose an image on your device.
Tap to use your camera to capture an image of your signature or add a receipt.
Tap Done.