POS devices still insecure

Posted on by

Joyfulchicken of Chicken Mafia recounts what is purportedly said to be common amongst Citibank credit card users – fraud:

When the Citibank person asked me if I had used my card yesterday, I just sighed knowingly and said, “No. What is it this time?” Well, someone bought 16,231.50 pesos worth of stuff in Ace Hardware SM Manila using a clone of my card. Whoa, that’s around $350. I wonder what the guy bought. 10 of these perhaps?

Anyway, Citibank faxed over a dispute form for me to sign. My card has been canceled, and a new one will be sent to me in a few days. The process is still annoying, but it’s relatively painless. It seems that Citibank is getting more and more efficient at handling credit card fraud. I guess they’ve been getting a lot of practice.

Maybe I share part of the blame for not learning my lesson from four years ago. Last Saturday evening, I foolishly filled up at a random gas station in the middle of nowhere. And now this happens. Hmm, is there a syndicate of credit card-stealing gas station attendants? More evidence that oil companies are vortexes of pure evil….

Well, he’s no joyful chicken at the moment. And you will be joining him, if you are not careful.

The Internet Storm Center reports on vulnerabilities and security problems regarding point-of-sale (POS) devices (PDF of the white paper here). The white paper asserts that while security risks are known since Heaven knows when, credit card companies and retailers are slow in addressing them, and it criticizes the actions taken as either inadequate or too late.

As for now, here are some steps in securely using credit cards:

1. Use credit cards at stores that take several steps in the process. For example, National Bookstore requires the credit card holder to present a valid ID before the transaction is processed. SM Supermarket, SM Department Store, and Music One do not demand for IDs. (If you know retailers who do not demand IDs, list them down in the comments.)

2. When paying using credit cards, make sure you see where it is to be swiped. That means, do not use credit cards in restaurants and gasoline stations.

3. Shop using cash. This way, you can stick to your budget.

Why can’t they require PINs for credit cards?