Credit card warning

Darren Duncan darren at darrenduncan.net
Thu Jun 6 02:48:31 PDT 2013


On 2013.06.06 1:37 AM, Peter Ezetta wrote:
<snip>
> Now, on to the fun part...  Very commonly, credit card theft is a multi-tier
> system.  At some point, you probably encountered a waiter or bar-tender that was
> less than scrupulous.  We are all too accustomed to letting our credit/debit
> cards out of our sight at bars and restaurants when we run a tab, or leave a
> card in a ticket book to be run by a waiter.  This waiter or bartender will then
> take your card, run it for your order, and also run it through a skimmer.  Most
> of the time, the transaction you made with the establishment will go through as
> expected.  This puts some degree of separation between the theft and the
> legitimate transaction.
<snip>

I've heard this said a number of times in the past, but I think the above notion 
is either outdated or region-specific now.

In the last few years at least, if not longer, I've found, and I eat out a 
*lot*, that at every store I go to, and I typically pay with plastic for bills 
over about $10, that the concept of one's card getting out of sight basically 
never happens at all.

In reality / modernity, stores or restaurants always want you to go to the 
register, or they bring a portable reader to you, and the card is run right in 
front of you, never leaving your sight.  In fact, often you're the one who puts 
the card in the reader yourself.

So if a merchant is participating in a scam, it is happening using their regular 
card reader, which was probably hacked to steal information, but it works 
normally in front of the customer who sees the action.

Around here I've heard cases of large numbers of stores having their card 
readers stolen by thieves, or surreptitiously being replaced by a hacked version 
of the same device, and so a merchant's reader could be stealing info and 
transmitting it to the thief and the merchant doesn't even know.  Some merchants 
protect against this by keeping an eye on their terminals, or hiding them away 
when not in use, or marking the bottom with some proprietary sticker or other 
marking that they regularly check, and whose absense might mean the terminal was 
replaced.

But cards getting out of the customer's sight?  Maybe in the past.  But with the 
advent of chip cards which by necessity require the customer to enter a pin for 
them to be used, the customer has to be at the terminal for the transaction, and 
chip cards have basically replaced all the cards by now, so having the waiter 
taking the card out of sight is in the past.

Or in regions that aren't up to date, and customers should be wary of any 
business whose reader doesn't support chip cards, or wants to take the card out 
of sight.

-- Darren Duncan



More information about the yapc mailing list