In some ways, retailers and credit card companies are trying to be proactive in the fight against credit card fraud. For example, Visa developed software to detect whether it is you or an impostor who is using your credit card at a gas station pump. The use of new EMV-chip credit cards will help prevent fraud, because they contain a chip that generates a unique code for each transaction.
There is no doubt that these are steps in the right direction. Software and chip technology are innovative solutions that have taken time to come to fruition. Unfortunately while resources are used to develop these more complex solutions, businesses often forget to consider simpler, more obvious solutions for credit card fraud.
A case in point is the failure to change the default passcode on credit card machines. According to CNNMoney, 90 percent of credit card readers currently operating at retailers use the same passcode. This passcode, set by default on credit card machines dating back to 1990, can be found via a quick Google search. With this passcode, an attacker can obtain control of a store’s credit card reader by hacking into the machine and infecting it with malware that steals customers’ payment data according to cybersecurity firm Trustwave.
The problem is essentially an instance of passing the buck. According to Trustwave executive Charles Henderson, manufacturers sell the card readers to distributors. These distributors then sell them to retailers. Unfortunately, no one believes it’s their responsibility to change the master code. They think security of the point of sale falls on someone else’s plate.
This is a misperception of all parties, because it should be a shared responsibility. Retailers should be securing their own readers, and the resellers should be helping them to do it. For more information on the laxity in security measures, take a look at the Verizon 2015 PCI Compliance Report.
(Photo: Home Depot Credit Card, Flickr)