Payment Device Tampering Policy
Last updated: 08 August 2022

Policy Statement
All users of Opta Pay are responsible for safeguarding their POS (Point-of-Sale) Terminals and PIN pads (hereinafter "payment devices"), and must comply with the safeguarding parameters and standards defined in this Policy. Any payment devices found or believed to be tampered with and/or otherwise suspicious should be reported immediately to Lucus Labs by sending an email to security@lucuslabs.com and by calling the phone number at the top of this page.

Reason for Policy
The routine inspection of payment devices for identifying possible tampering is one of several primary safeguards employed to protect cardholder data. If a payment device is compromised, any credit/debit cards used with that payment device after the compromise should also be considered as being compromised. The parameters in this policy are designed to comply with legal and regulatory standards, including, but not limited to, the Payment Card Industry Data Security Standard (PCI DSS).

Entities Affected by this Policy
All Opta Pay users, whether employees or merchants of Lucus Labs, using payment devices that make contact with customers' credit cards for taking payments.

Responsibilities
Device owners and operators (including, but not limited to, cashiers & clerks) are required to inspect payment devices on a daily basis for any tampering or unapproved / unexpected replacement of Terminals, POSs, and other payment devices that are used to read credit cards. The list below outlines steps to inspect and protect payment devices from tampering or replacement by any unauthorized parties:

  • Before bringing a payment device online for any shift, the payment device's ID / Serial Number should be verified. This is done by comparing the Serial Number of the payment device with the serial numbers recorded in Opta Pay and/or the POS Inventory list stored on file by the Merchant.
  • Devices not in use should be stored in a secure location with minimal access and only accessible by authorized personnel.
  • Only authorized personnel should be allowed access to any POS, Terminal, PIN pad, or other hardware payment device.
    • Merchants should document date, time, and name of individual(s) who are provided access to any device.
  • Employees should inspect all payment devices for physical tampering daily or at the beginning of their shift.
    • Check for signs that the screen, keypad, magnetic swipe, chip reader, or NFC surfaces have been altered in any way or tampered with (such as previously unknown scratch marks around the edges or missing screws).
  • In the event a payment device requires repair or replacement, contact us by calling the number at the top of this page or by sending us an email, at which point we will work with you and the vendor to repair or replace the device at the Merchant's expense.
  • Promptly report any suspicious behavior, including suspicion of attempted tampering of a device, unplugging of cables, scratching, etc., to a manager, and follow the steps below for reporting a suspected device compromise.

Unattended Payment Devices
Unattended payment devices pose a high risk and must be avoided at all times. Leaving payment devices unattended could lead to consequences including, but not limited to, the following:

  • stolen / compromised payment devices;
  • a good payment device being swapped for a compromised device running malware or other malicious code;
  • service personnel posing as technicians tampering with a payment device and exchanging it with a malicious device; or
  • added overlays with skimming and key-logging capabilities,
all of which could lead to stolen / compromised cardholder data.

Payment Device Checklist
To minimize the risk of unauthorized individuals tampering with a payment device, the following checklist should be verified regularly (at least daily):

  • Is the payment device in its designated / intended / original location?
  • Is the payment device name and model number / serial number correct?
    • Do they match those on file on-site and with Opta Pay?
  • Is the color and condition of the payment device as expected, with no additional marks or scratches (around seams or terminal window display)?
  • Is the payment device missing any screws?
  • Are the manufacturer's security seals and labels present with no signs of peeling or tampering?
  • Is the number of connections to the payment device as expected, with the same type and color of cables, and with no loose wires or broken connections?
  • Is the payment device only being used by authorized personnel?
  • Are there any payment devices located where an additional or unauthorized camera or NFC equipment could be hidden near the payment device?
  • Are there any unauthorized electronic devices (such as phones, tablets, etc.) located near the payment device?
  • Has there been any suspicious behavior around the payment device while it was unattended?

Reporting a Suspected Device Compromise
If you believe a hardware device or customer payment card has been compromised, promptly notify any of the following support teams:

You can also notify us from our website at https://optapay.com/#contact

Filing or reporting a security incident can always be done without fear or concern for retaliation.