Sister CISA CISSP

Apr 17 2008   9:47PM GMT

LOOK at Your Credit Card Receipts



Posted by: Arian Eigen Heald
Tags:
Identity theft
PCI DSS
Security

You would think that with all the news and noise about credit card information being stolen, that more folks would pay attention to what they’re signing at restaurants (an especially GOOD place to get your information stolen) gas stations and hotels. With the amount of travel I do, I end up with quite a collection from many places.

But your credit card information (and mine) is only as secure as the hardware at the point of sale. The machine that your card gets swiped through does all the work. And depending on the age of that piece of equipment, all of your information may be transmitted and stored elsewhere to be harvested by thieves. Or the machine may be compromised at the register by a dishonest employee that “harvests” your information. Other machines can be accessed (and hacked) remotely.

So, what do I check? Is the entire credit card number visible on the receipt? What about the expiration date? Some vendors sell machines that save the entire number to their copy and blank out the numbers on mine. You would think that PCI or the FTC’s FACTA law would mandate removal of all numbers on both receipts. True, FACTA does mandate that all but the last five digits be masked, as well as the expiration date. However, it doesn’t apply to manually generated receipts (the old-style imprint) or handwritten invoices or receipts. Notably it also does not require truncation of credit card numbers on the merchant’s transaction record or even the merchant’s copy of the receipt. Does that make sense to you? Me neither.

If you write in a tip, make sure you reconcile that number with what is billed to you….. otherwise you may be paying much more of a gratuity than you intended, AND you will have trouble reconciling expenses (I hate that).

And make sure the card you get back is YOURS. That’s another favorite trick I didn’t know about until recently when someone gave me the heads-up.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: