Tuesday, April 15, 2014

No, pay-at-table credit card processing is NOT necessarily more secure

A recent article in PMQ Pizza Magazine describes a security problem:

There aren’t many places where a customer would hand over his credit card to a complete stranger and lose sight of it for several minutes, but this transaction is routine at restaurants. Most consumers don’t give it much thought, but as identity theft becomes more commonplace and more lives are ruined every day by scam artists with pilfered credit card numbers, some technology companies have begun offering alternatives that allow restaurant guests to pay for their meals without having to surrender their plastic to a stranger.

I recently discussed one of these alternatives, the Ziosk device, in a post on my Empoprise-NTN NTN Buzztime blog - not because of its pay-at-table capabilities, but because the device potentially encourages customers to spend more money at restaurants. But the Ziosk device certainly offers the capability to pay your bill without giving a credit or debit card to your server. And there are other devices that offer this, including devices from TablePay of America and PayAnywhere.

However, it's a stretch to think that such a payment system is necessarily more secure. While such a system eliminates one type of fraud, it does not eliminate EVERY type of fraud. A dedicated hacker could presumably hack the device, or the wired or wireless network, and obtain the credit card information from the network. While the devices are relatively small, I'm sure that an enterprising cracker could develop a credit card skimmer. Look at what a skimmer recently did on the New York subway system:

According to New York Metropolitan Transportation Authority (MTA) City Transit, an unidentified rider discovered [a] device at New York's 59th Street Columbus Circle subway station late Thursday. It consisted of a credit card skimmer placed over the vending machine's official card reader and — here's the ingenious part — a credit card camera situated just above the vending machine.

That camera was actually hidden inside a tiny, two-outlet power adapter. There was a tiny hole in its base for the camera.

Apparently, the camera was activated whenever an unsuspecting MTA customer inserted or removed their card. That meant the thieves would have both the scanned card info and any details about the card (and person) they can glean from the over-the-head photo. The camera was powered by a large battery pack hidden on top of the vending machine.


Of course, my transaction last Thursday was safe. For that particular restaurant visit, we paid with cash.

Do carry cash?
blog comments powered by Disqus