Change is on the horizon for MasterCard and Visa cardholders in the United States. Both brands announced that they will be updating their credit cards from the magnetic stripe to the chip-and-pin format. The U.S. is one of the last major countries to transition to the chip-and-pin format. Countries in Europe have been using the chip and pin method since 2005, as have Asia and South America. Canada plans to make the switch in the coming year.
The switch in formats has proved very effective for the United Kingdom where they have seen a significant reduction in credit card fraud. The U.K. Payments Administration stated that since the implementation of the chip-and-pin credit cards, in-store credit card fraud dropped from 218.8 million pounds in 2004 ($356.5 million) to 98.5 million pounds in 2008 ($160.5 million).
Unlike the magnetic stripe currently used on credit cards around the United States, these cards have a smart chip containing the cardholder’s information and each time you swipe the card you are required to enter a four-digit PIN that corresponds with a number inside the chip. (more…)
A Starbucks employee in Jakarta recently took it upon himself to stock up on iPods purchased with the credit card numbers of customers. According to police sources in Jakarta, the suspect, reprinted daily receipts that included the credit card verification value.
While the fraudster will be prosecuted and serve time, the Starbucks franchise was storing credit card verification codes (presumably after authorization), which is one of the biggest “no nos” in the Payment Card Industry Data Security Standard. The storage of the card verification code is prohibited, along with track data and PIN/PIN block. The franchise should and will be held accountable for storing the information post authorization.
Franchise owners must know what data their point-of-sale system has; it is tough to safeguard or put security and operational measures in place if you are unaware of the data. If you are a franchise owner, take the initiative and do discovery on what data you have. If you are unaware of how to do this, contact your point-of-sale vendor for discovery assistance within the POS or terminal.
Security consultants can also be of assistance and search for data beyond the POS system.
I’ll take a grande latte with that 64GB iPod touch.