Merchants try to keep credit cards off their books

By , CardRatings contributor
  • Google +
  • Twitter
  • Facebook

As consumers, we've grown accustomed to paying for purchases with credit cards wherever we go. Yet, that universal acceptance has caused us to think about how easily someone with bad intentions can gain access to our account numbers and our other personal information. The credit card industry has partnered with merchants to plug two of today's biggest leaks:

Handheld Credit Card Capture

In September, Federal investigators pressed charges against eight restaurant workers alleged to have used the bustle of Minneapolis bistros to conceal their real jobs: collecting credit cards as part of a "skimming ring." Groups like these have turned up across the country, often startling managers and owners of the establishments in which they operated, unnoticed. Participants often justify the practice by targeting high-limit business credit cards at steakhouses, country clubs and valet parking kiosks.

As a response to their own battles with skimming rings, European merchants pioneered the latest restaurant craze: swiping your credit card right at the table. During one of Don Draper's three-martini lunches, it would have been considered gauche to handle such a transaction in the center of the dining room. Today, it's a gesture to ensure your personal security, as well as your future business. You no longer have to question the ethics of your delightful lunchtime server if he or she keeps your credit card visible to you throughout your payment process.

E-Commerce Account Vulnerabilities

The Payment Card Industry Data Security Standard sets the guidelines for how websites pass account details to merchant banks. When the most recent revision of the PCI DSS hit the web in 2008, retailers had already responded to severe attacks against their secure databases. Meanwhile, criminals discovered that it was often easier to steal executives' laptops from airports, parking garages and hotels.

As a result, industry experts anticipate the next revision of the PCI to contain some of the most stringent rules about handling customers' credit card information. Therefore, technology providers have stepped up to eliminate the need for retailers to collect credit card numbers in the first place. For instance, a new system from CyberSource pushes account data directly to their PCI-compliant servers. The merchant's website retains only a "token," a string of letters and numbers tied to the secure account file at CyberSource. With card numbers stored offsite, e-commerce website managers no longer have to worry about internal theft, outside hackers, or laptop thieves.

Only a few years ago, customers clamored for merchants and retailers to keep their cards "on file." Today, savvy shoppers limit access to credit card numbers. These two technologies, and more on the way, signify business partners that care about securing customer information.

0 Responses to "Merchants try to keep credit cards off their books"

No Comments

Leave a Comment
About Our Ratings ×

Our editors rate credit cards objectively based on the features the credit card offers consumers, the fees and interest rates, and how a credit card compares with other cards in its category. Ratings vary by category, and the same card may receive a certain number of stars in one category and a higher or lower number in another.

The ratings are the expert opinion of our editors, and not influenced by any remuneration this site may receive from card issuers.

Advertisers in our database are highlighted, and advertisements include an option to apply using links on our site. CardRatings.com may be compensated by companies mentioned on the site when a user's application is accepted or approved by such companies.

How do your cards stack up?

Compare your card starting here


Featured Partner Cards