October 1st 2015 came and went with little fanfare. Many businesses upgraded their point of sales terminals to be compatible with the new EMV standard, but I’ve noticed a surprising amount haven’t made the switch yet. These aren’t small time, mom & pop shops that I’m referring to either. Massive retailers that tend to be the targets of POS systems hacks are simply ignoring the fact that there is a serious vulnerability in the machines they’re using to process an ever-increasing number of credit and debit card payments. Whether it’s because of the characteristic feet-dragging of the bureaucratic decision makers that have to approve an upgrade of a technology system, or a simple lack of caring that they are now liable for credit card fraud on non-EMV (Chip) systems, enough time has passed to make the decision as a consumer to insist upon an up-to-date, secure system.
In case you weren’t aware, traditional credit card terminals are incredibly easy to hack. There are devices that you can buy online that snap on to credit card terminals and collect the data of every credit card that is swiped at that terminal. Check out the video below for an example of one of the devices being sold. It attaches and detaches in an instant, and looks almost identical to the actual face of the terminal.
While I could go around poking and prodding at every POS terminal everywhere I shop to check if there is a skimmer (the clip-on capturing device), I’ve found it easier to just avoid the lazy merchants altogether. One of my favorite technology retailers (blue sign, yellow tag), with three locations within 10 minutes of my house, has yet to move to an EMV compliant solution. They have a very nice, very expensive chip-reading terminal installed, but have yet to roll out the update (as it was explained to me by an employee) to activate the chip reading portion of it. That’s fine, everything I can purchase in that store I can buy online and have shipped to my house in 2 days. Until that update is rolled out to at least one of the stores in my area, I’ll take all my business from those retailers to the most popular online marketplace, and I’ll sleep well at night knowing my credit card information is safe.
This doesn’t work for every kind of purchase, however. Obviously if you’re going out to eat at a restaurant, you have no control over whether the employee who takes your card at the end of your meal swipes it or uses the chip. I have no idea whether my favorite sushi restaurant has updated to EMV compliant terminals because I don’t actually see the terminal. For these situations I suggest looking into a new type of card. Companies like Plastc are developing secondary cards with several steps of verification to further protect your card information. There is also the timeless method of carrying a reasonable amount of cash on you, certainly no way to hack that system.
In a perfect world, our technology would be airtight, people wouldn’t steal and there would be no need to write about this topic. Unfortunately it’s 2016 and data breaches are just as much of an issue as ever. If you’re a merchant, start thinking about the impression you leave on customers when you neglect to keep your systems secure. If you’re a consumer, take your business to the companies that keep their systems up to date. In those special cases where you simply have to use a terminal that requires a magstripe transaction, look into some alternative payment technologies and make sure you are doing your best to protect your sensitive payment information.