Credit card warning
Darren Duncan
darren at darrenduncan.net
Thu Jun 6 02:48:31 PDT 2013
On 2013.06.06 1:37 AM, Peter Ezetta wrote:
<snip>
> Now, on to the fun part... Very commonly, credit card theft is a multi-tier
> system. At some point, you probably encountered a waiter or bar-tender that was
> less than scrupulous. We are all too accustomed to letting our credit/debit
> cards out of our sight at bars and restaurants when we run a tab, or leave a
> card in a ticket book to be run by a waiter. This waiter or bartender will then
> take your card, run it for your order, and also run it through a skimmer. Most
> of the time, the transaction you made with the establishment will go through as
> expected. This puts some degree of separation between the theft and the
> legitimate transaction.
<snip>
I've heard this said a number of times in the past, but I think the above notion
is either outdated or region-specific now.
In the last few years at least, if not longer, I've found, and I eat out a
*lot*, that at every store I go to, and I typically pay with plastic for bills
over about $10, that the concept of one's card getting out of sight basically
never happens at all.
In reality / modernity, stores or restaurants always want you to go to the
register, or they bring a portable reader to you, and the card is run right in
front of you, never leaving your sight. In fact, often you're the one who puts
the card in the reader yourself.
So if a merchant is participating in a scam, it is happening using their regular
card reader, which was probably hacked to steal information, but it works
normally in front of the customer who sees the action.
Around here I've heard cases of large numbers of stores having their card
readers stolen by thieves, or surreptitiously being replaced by a hacked version
of the same device, and so a merchant's reader could be stealing info and
transmitting it to the thief and the merchant doesn't even know. Some merchants
protect against this by keeping an eye on their terminals, or hiding them away
when not in use, or marking the bottom with some proprietary sticker or other
marking that they regularly check, and whose absense might mean the terminal was
replaced.
But cards getting out of the customer's sight? Maybe in the past. But with the
advent of chip cards which by necessity require the customer to enter a pin for
them to be used, the customer has to be at the terminal for the transaction, and
chip cards have basically replaced all the cards by now, so having the waiter
taking the card out of sight is in the past.
Or in regions that aren't up to date, and customers should be wary of any
business whose reader doesn't support chip cards, or wants to take the card out
of sight.
-- Darren Duncan
More information about the yapc
mailing list