Wednesday, March 9, 2011

An Open Letter to the Industry and Consumers

Today is a wake-up call to consumers and the payments industry. Restaurants across the nation make it very easy for anyone to use credit cards for payment. Seems like a great idea, but there is a serious security flaw that they have overlooked that places consumers in dire risk.

In less than 5 minutes, any unscrupulous waiter can "skim" – or steal – a consumer's financial and personal information right off the card. How do we know? We did it. We posed as a waiter in a local restaurant, and when it came time to pay the bill the customer used a credit card. After the customer handed the card to our agent, the agent was able to walk away, copy down the card information, and return it to the customer without their knowledge.

Let me explain how easy it is to exploit the vulnerability.

A criminal gets a job at a restaurant. They can then illegally collect personal and financial data from the face of a payment card. It's shockingly simple.

The issue is that customers should be careful who they give their payment card to.

There are hundreds of thousands of these waiters floating out there and more are hired every day. And because anyone can get a job at a restaurant, anyone can masquerade as a legitimate waiter and swipe your payment card. Your card data is then instantly and illegally captured to a notepad, un-encrypted – and voila, you're a fraud victim.

Consumers who hand over their plastic to merchants are unwittingly putting themselves in danger.

Don't take our word for it. See for yourself by going to a restaurant, and watch as the waiter leaves your presence with your payment card.

Today we are handing a copy of our research over to Visa, MasterCard, Discover, American Express, and JP Morgan Chase, and we invite their comments.

Consumer trust is what's really at stake. If the industry allows restaurants and other similar attempts to short-circuit security best practices, it will seriously jeopardize the integrity and security of the payment infrastructure and financial systems developed over the last three decades.

Secure payment systems, like those provided by credible providers which adhere to the highest level of security practices, are critical in protecting consumers, merchants and banks. Without this protection, all commerce – conducted with plastic or mobile devices – is a catalyst for massive personal and institutional financial loss.

There is great promise in the future of mobile payments and our innovations will help drive the industry forward. It is our hope that both consumers and merchants will take it upon themselves to become educated on the security risks involved with some of these experimental payment acceptance methods, and make informed decisions to protect themselves and their customers.

We take security very seriously. Securing payment transactions is what we do, and yes – calling attention to and protecting against these types of security threats to consumers, merchants and banks is our responsibility.

We call on waiters to do the responsible thing and stop accepting payment cards in their establishments.