[vsjhoc]

Further to Poundwise's point about the danger of using credit cards in restaurants, see this article from the WSJ:

"Card Companies Crack Down On Restaurants
Diners' Personal Data Not Well-Protected, Visa and Others Say"
By ROBIN SIDEL
March 24, 2007; Page B1

"The credit-card industry is cracking down on tens of thousands of restaurants for not adequately protecting diners' credit-card data from thieves.

In recent months, Visa USA Inc., MasterCard Inc. and financial institutions that process electronic payments have levied fines, sent warning letters and held seminars to pressure restaurants into being more careful about protecting the information.

"There are tens of thousands of restaurants that aren't complying" with industry security rules, says Robert Carr, chief executive of Heartland Payment Systems Inc., a Princeton, N.J., company that processes card transactions for small merchants. About half of Heartland's clients are restaurants.

All companies that accept plastic must follow a complex set of security rules put in place by Visa, MasterCard, American Express Co. and Morgan Stanley's Discover unit.

Since January 2005, restaurants represented about 40% of incidents in which intruders gained unauthorized access to credit-card information, according to data tracked by Visa. That is the largest percentage of incidents among merchant groups.

Meanwhile, Chicago-based AmbironTrustWave, which conducts security audits for merchants, says that 62% of the security breaches it has seen over the past 18 months came from the restaurant industry.

The incidents involve myriad security breakdowns, including poorly protected wireless networks that criminals can tap into from a laptop from the parking lot and systems that allow employees to steal card information.

Not all incidents resulted in successful frauds. Visa doesn't disclose how much fraud can be traced to restaurants. Most merchants don't disclose incidents unless there is a big chance that a major fraud will occur or has already been spotted.

So consumers often don't know when their credit-card information becomes vulnerable to thieves. Card issuers typically don't close a customer's account unless fraud appears to have occurred.

The credit-card security rules have proved tricky for smaller merchants, which could explain why restaurateurs are having a hard time with them.

"We're starting to hear now from restaurants that thought they did what they were told, but are discovering [their systems are] not working correctly and are being penalized," says Todd Mann of the National Restaurant Association, a Washington-based trade group representing 935,000 eateries.

Joseph Sanscrainte, a New York lawyer, says one of his restaurant clients was fined more than $100,000 -- an unusually large fine for what he described as a small business -- for storing card data in violation of the rules. He declined to identify the client. "The heat is certainly being turned up," Mr. Sanscrainte says.

Visa last year fined merchants of all sorts $4.6 million for security violations, up from $3.4 million in 2005. Visa declined to disclose a breakdown of merchant types. Visa recently held special security briefings with several hundred restaurants, says Michael E. Smith, a senior vice president at Visa responsible for compliance issues.

Restaurants "are a merchant segment that we believe requires additional attention," Mr. Smith says.

Companies that process card transactions also are increasing the pressure on restaurants, threatening to cut off service to those that aren't complying with their security rules. These processors include Wells Fargo & Co., Fifth Third Bancorp and Chase Paymentech, which is a joint venture of J.P. Morgan Chase & Co. and First Data Corp.

"We haven't turned anyone off yet, but we are ready to do that," says Debra Rossi of Wells Fargo's merchant-processing unit.

Of particular concern to card companies is specialized software used by restaurants that combine many features, tabulating bills, relaying orders to the kitchen and tracking reservations. Card companies can't force software makers to comply with their security rules, so they pressure restaurants instead. Visa posts on its Web site a list of software programs that meet its requirements.

Even with the best software, though, if restaurants "don't have proper password protection or firewalls, they could clearly have a problem," says Peter Rogers of Micros Systems Inc., which makes restaurant software. "It's not really our job to tell the restaurateurs what they need to do to be compliant with credit-card regulations," he adds.

The focus comes amid concerns about credit-card security following a number of high-profile data thefts. In January, discount retailer TJX Cos., which owns clothing chains T.J. Maxx and Marshalls, disclosed it had discovered a wide-ranging security breach that left millions of consumers exposed to fraud after its computers were hacked.

Last month, the Stop & Shop supermarket chain said thieves had tampered with the devices used by customers to make card purchases. Card information was stolen from two stores in Rhode Island, according to the Ahold NV-owned chain."