Tweet
BEWARE the Remote CC Readers
I've seen several discussions over the years in regard to the lack of security in remote credit card readers. These are more commonly used abroad, but you will still see them occasionally in the States.
For those unfamiliar with the concept, the devices are essentially remote credit card readers that are powered through a localized wireless network that allows wait staff to take payment at your table in a restaurant, for instance. It saves the time and hassle of taking the card to the front of the facility, processing it there and returning to the table at a later time. This would seem desirable, especially since you have full sight of your credit card at all times.
However - and this is a big however - beware of the lack of security to which you are exposing yourself. The device itself may be secure, requiring user login, etc., but the wireless network often is not.
As an example, I recently traveled to South Africa. Beautiful country in many ways, but many of the restaurants - at least in Jo'burg - work off the public broadcast ISP. Needless to say, I was not surprised to find a couple grand in illegitimate charges to my card when I got home. I worked it all out with my bank to ensure that the charges did not hit the account, but it got me thinking about how to better protect myself when working with these devices in the future.
1. It would be simple enough to work with waitstaff and take your card to the frint of the establishment to a wired connection for payment. Most will probably have this, as they would need a backup in the event that the wireless goes down.
2. Be a bit old-fashioned, and carry local currency or traveler's cheques. They have their own security issues - and being a techie guy, I have issues with not being paperless - but at least it would ward off the demons I confronted.
3. Make sure you use the same card at all times. Doing so would limit your exposure to a single point of failure and ease your audit of the transactions after-the-fact.
Just some thoughts that I felt I would share.
Happy Spending (or saving)!
For those unfamiliar with the concept, the devices are essentially remote credit card readers that are powered through a localized wireless network that allows wait staff to take payment at your table in a restaurant, for instance. It saves the time and hassle of taking the card to the front of the facility, processing it there and returning to the table at a later time. This would seem desirable, especially since you have full sight of your credit card at all times.
However - and this is a big however - beware of the lack of security to which you are exposing yourself. The device itself may be secure, requiring user login, etc., but the wireless network often is not.
As an example, I recently traveled to South Africa. Beautiful country in many ways, but many of the restaurants - at least in Jo'burg - work off the public broadcast ISP. Needless to say, I was not surprised to find a couple grand in illegitimate charges to my card when I got home. I worked it all out with my bank to ensure that the charges did not hit the account, but it got me thinking about how to better protect myself when working with these devices in the future.
1. It would be simple enough to work with waitstaff and take your card to the frint of the establishment to a wired connection for payment. Most will probably have this, as they would need a backup in the event that the wireless goes down.
2. Be a bit old-fashioned, and carry local currency or traveler's cheques. They have their own security issues - and being a techie guy, I have issues with not being paperless - but at least it would ward off the demons I confronted.
3. Make sure you use the same card at all times. Doing so would limit your exposure to a single point of failure and ease your audit of the transactions after-the-fact.
Just some thoughts that I felt I would share.
Happy Spending (or saving)!
Comment