For a long time, I've had a queasy feeling about these nifty card scanners that started appearing everywhere about fifteen years ago. The first place where I saw and used one was in a Ralph's Grocery store in San Diego, California, in about 1994. Now, they are everywhere.
Theoretically, these should be much more secure, because the card never leaves your physical possession, and the information is encrypted, and processed by software that is required to meet very high standards. Rules made and enforced by the card issuers set a very high bar, and prohibit the merchant (grocery store, gas station, or whatever) from storing your card number, PIN, and Card Security Code in their own data base, unless it is secured against unauthorized access. The merchant is supposed to hold onto it just long enough to validate it, and process the transaction. I learned all this last year, when I was commissioned to write an interface to a merchant gateway.
Reality IntervenesTechnology is neutral. It doesn't care how it is used. It doesn't matter whether that technology is a pocket knife, a credit card scanner and its accompanying software, or the technology to split the atom. Until our collective wisdom catches up with our technical skills, this means that any technology is not only subject to abuse and misuse, but that it
will be abused and misused.
In "
Credit Card Skimming: How Thieves Can Steal Your Card Info Without You Knowing It," Cisco Security Expert Jamey Heary gives a guided tour of how thieves can steal your card number and PIN right under your nose. I wish the pictures were better, and I'm sure that there are better ones where those came from, but it's a start, and it confirms my long held suspicion, kept solely to myself until now, that these machines could be usurped.
Do your own research. You have been put on notice.
