After eating lunch at Thai Basil yesterday, I noticed that when I was signing my receipt they had printed my whole credit card number on there. I hadn’t seen that happen in years, and I immediately scratched it out. I happened to be with a group of cyber security guys, and they were all in disbelief as well.
It would be very easy for a thief to pick up your receipt just after you leave, then go home and have an online shopping spree. The server or anyone else handling your receipt could do the same thing.
So, be warned if you eat there, and always be vigilant about looking at your receipts anywhere you use a card.
The other annoying credit card related issue is when there are establishments that tack on a surcharge for using a credit/check/debit card. For example, if your purchase is not over $5, they tack on a $0.50 fee for using a card. This is in fact in violation of Visa and MasterCard terms of service: http://fso.cpasitesolutions.com/premium/LE/06_le_ic/fg/fg-merchants.html#C
After eating lunch at Thai Basil yesterday, I noticed that when I was signing my receipt they had printed my whole credit card number on there. I hadn’t seen that happen in years, and I immediately scratched it out. I happened to be with a group of cyber security guys, and they were all in disbelief as well.
It would be very easy for a thief to pick up your receipt just after you leave, then go home and have an online shopping spree. The server or anyone else handling your receipt could do the same thing.
So, be warned if you eat there, and always be vigilant about looking at your receipts anywhere you use a card.
That is very odd, but Thai Basil has no control over what prints on their receipts. When the laws changed, the credit card processors changed the way they transmit the data back to the terminal. It is not a setting that is switched on and off at the retail end. They need to call their processor.
Luckily, most merchants online now ask for the Card Verification Value (CVV) code of the credit card being used for them to secure “card not present” transactions occurring over the Internet, by mail, fax or over the phone for just such reasons. That code is usually only on the card itself and not printed on any receipts. I understand it is mandatory in many western Europe countries due to fraud.
Luckily, most merchants online now ask for the Card Verification Value (CVV) code of the credit card being used for them to secure “card not present” transactions occurring over the Internet, by mail, fax or over the phone for just such reasons. That code is usually only on the card itself and not printed on any receipts. I understand it is mandatory in many western Europe countries due to fraud.
True, but with Visa and MC, there are only 999 possible combinations because the CVV codes are only 3 digits long, which really isn’t that many to roll through if you script it. Could be discovered in milliseconds. All you have to do is find a mom & pop web shop (there are millions) with minimal protections their shopping cart application from the server side, and auto-submit the form over and over until it works. This would be child’s play for a hacker.
True, but with Visa and MC, there are only 999 possible combinations because the CVV codes are only 3 digits long, which really isn’t that many to roll through if you script it. Could be discovered in milliseconds. All you have to do is find a mom & pop web shop (there are millions) with minimal protections their shopping cart application from the server side, and auto-submit the form over and over until it works. This would be child’s play for a hacker.
True, but with Visa and MC, there are only 999 possible combinations because the CVV codes are only 3 digits long, which really isn’t that many to roll through if you script it. Could be discovered in milliseconds. All you have to do is find a mom & pop web shop (there are millions) with minimal protections their shopping cart application from the server side, and auto-submit the form over and over until it works. This would be child’s play for a hacker.
The same goes for the expiration date.
You realize some 18 year old is down loading a CVV code generator and in 6 months will be doing 5 to 10 for credit card fraud ...
The FBI is surrounding Piffy’s compound as we speak..
This is the beginning of the end of the MX forum.. see you guys in the slammer…
Another local restaurant discovered doing the same thing. My full CC # was on the Merchant copy of the receipt (the one I signed). This time it was at China Wok on Merrimon Ave.
