In your case, neither your cell phone nor your swiper is storing the data; rather, your customers' info is kept at the gateway and then sent to the credit issuer.
Gateway providers and credit issuers are highly regulated and are required to have lots of security. For example, all their communications must be encrypted.
In the recent Target breach, it's thought that the thieves may have used credentials they stole from the vendor to install malware that placed them right at the card reader – almost as if they were standing over the customer's shoulder in the check-out line.
MacVittie said that if you visualize a hose that's carrying credit card information from the card reader to the payment gateway to the bank, the malware put a "Y" nozzle on the hose right at the card reader. At that "Y," one set of info went to the gateway and a copy of that info went to the thieves. That's the working theory, anyway.
MacVittie said the only way you could get in trouble is if your swiper was somehow compromised before you got it. As long as it's legit and wasn't tampered with, you should be fine.
Doug Johnson, VP of risk management policy for the American Bankers Association, agreed. He added, however, that the October 2015 deadline for the switch to chip technology will have implications for you and other small businesses.
After the switch, if a fraud occurs on a magnetic card that a bank chose not to replace with a chip, the liability for the loss will be on the bank. If, however, a fraud occurs on a new chip card that was accepted by a merchant who didn't upgrade his technology, the liability will fall on the merchant.
So for now, don't worry. But have a talk with your credit card processor before October 2015 to find out how to upgrade your technology to accept the new chip cards that your customers will be using.
- The ABC News Fixer