As consumers, we've grown accustomed to paying for purchases with credit cards wherever we go. Yet, that universal acceptance has caused us to think about how easily someone with bad intentions can gain access to our account numbers and our other personal information. The credit card industry has partnered with merchants to plug two of today's biggest leaks:
Handheld Credit Card Capture
In September, Federal investigators pressed charges against eight restaurant workers alleged to have used the bustle of Minneapolis bistros to conceal their real jobs: collecting credit cards as part of a "skimming ring." Groups like these have turned up across the country, often startling managers and owners of the establishments in which they operated, unnoticed. Participants often justify the practice by targeting high-limit business credit cards at steakhouses, country clubs and valet parking kiosks.
As a response to their own battles with skimming rings, European merchants pioneered the latest restaurant craze: swiping your credit card right at the table. During one of Don Draper's three-martini lunches, it would have been considered gauche to handle such a transaction in the center of the dining room. Today, it's a gesture to ensure your personal security, as well as your future business. You no longer have to question the ethics of your delightful lunchtime server if he or she keeps your credit card visible to you throughout your payment process.
E-Commerce Account Vulnerabilities
The Payment Card Industry Data Security Standard sets the guidelines for how websites pass account details to merchant banks. When the most recent revision of the PCI DSS hit the web in 2008, retailers had already responded to severe attacks against their secure databases. Meanwhile, criminals discovered that it was often easier to steal executives' laptops from airports, parking garages and hotels.
As a result, industry experts anticipate the next revision of the PCI to contain some of the most stringent rules about handling customers' credit card information. Therefore, technology providers have stepped up to eliminate the need for retailers to collect credit card numbers in the first place. For instance, a new system from CyberSource pushes account data directly to their PCI-compliant servers. The merchant's website retains only a "token," a string of letters and numbers tied to the secure account file at CyberSource. With card numbers stored offsite, e-commerce website managers no longer have to worry about internal theft, outside hackers, or laptop thieves.
Only a few years ago, customers clamored for merchants and retailers to keep their cards "on file." Today, savvy shoppers limit access to credit card numbers. These two technologies, and more on the way, signify business partners that care about securing customer information.