Pasta, Meatballs and Credit Card Theft

The next time you go out for some pizza, a nice steak dinner or even a trip to the salad bar, you might get something else with your meal: identity theft.

The most common place for credit card information to be stolen is at a restaurant, according to Visa.

The credit card company, which constantly monitors cardholder transactions and data for fraud, has determined that 40 percent of all credit card theft occurs at dining locations -- more than at any other type of merchant.

Gourmands are not being ripped off by waiters or busboys who quickly copy down their information, although that can happen. The problem is a bit more high tech than that.

Most of the theft actually occurs when hackers break into a restaurant's computer system and download the credit card information.

Visa is now starting to crack down on restaurants and other merchants that aren't properly storing credit card data.

Jennifer Fischer, a director in Visa's payment systems risk and compliance department, said the company was not sure why restaurants were more of a target than other businesses.

The running theory, she said, is that once vulnerability is found at a particular well-known restaurant franchise, crooks then exploit that weakness across the entire chain.

Restaurant Industry Skeptical

The National Restaurant Association, which represents 935,000 food outlets nationally, said it was not aware of many problems and was "astonished" to see such a high figure from Visa.

"I don't think that there is any greater problem in our industry than anywhere else," said Todd Mann, senior vice president of business development for the association. "We have just as much interest as the neighborhood Gap store and others in making sure that we're protecting consumer data."

Mann said that every day 192 million people eat at a restaurant in America and that because of that volume he could see why there might be more cases of theft from restaurants.

Hacking Into Stored Data

The theft problem stems from how some merchants -- including restaurants -- store data.

When a credit card is swiped for payment, several pieces of information are provided. Merchants receive the account number, the expiration date and a verification code that Visa and other credit card companies use to confirm the transaction.

That verification code is not supposed to be stored on the merchant's computer, butt Visa's Fischer said that some companies stored the code.

If thieves gain access to that data, they can create a copy of the credit card that can be swiped at stores.

Visa is going after some of the nation's larger restaurant chains, planning large fines for chains found to be improperly storing customer data.

Visa's top 1,200 merchants -- mostly chains representing two-thirds of its $1.6 trillion in annual transactions -- have until the end of this week to confirm that they are not storing improper data. Those who fail to meet the standard could be subject to fines of up to $10,000 a month, through their merchant banks.

Visa would not identify which chains had been the source of problems.

Last year, Visa levied $4.6 million in fines across all merchant sectors, up from $3.4 million in 2005.

Fischer said Visa was trying to work proactively with merchants, getting them to update software so crucial personal information was not stored on their systems. She said the fines were a last resort.

Page
  • 1
  • |
  • 2
null
Join the Discussion
You are using an outdated version of Internet Explorer. Please click here to upgrade your browser in order to comment.
blog comments powered by Disqus
 
You Might Also Like...