March 28, 2007 — -- The next time you go out for some pizza, a nice steak dinner or even a trip to the salad bar, you might get something else with your meal: identity theft.
The most common place for credit card information to be stolen is at a restaurant, according to Visa.
The credit card company, which constantly monitors cardholder transactions and data for fraud, has determined that 40 percent of all credit card theft occurs at dining locations -- more than at any other type of merchant.
Gourmands are not being ripped off by waiters or busboys who quickly copy down their information, although that can happen. The problem is a bit more high tech than that.
Most of the theft actually occurs when hackers break into a restaurant's computer system and download the credit card information.
Visa is now starting to crack down on restaurants and other merchants that aren't properly storing credit card data.
Jennifer Fischer, a director in Visa's payment systems risk and compliance department, said the company was not sure why restaurants were more of a target than other businesses.
The running theory, she said, is that once vulnerability is found at a particular well-known restaurant franchise, crooks then exploit that weakness across the entire chain.
The National Restaurant Association, which represents 935,000 food outlets nationally, said it was not aware of many problems and was "astonished" to see such a high figure from Visa.
"I don't think that there is any greater problem in our industry than anywhere else," said Todd Mann, senior vice president of business development for the association. "We have just as much interest as the neighborhood Gap store and others in making sure that we're protecting consumer data."
Mann said that every day 192 million people eat at a restaurant in America and that because of that volume he could see why there might be more cases of theft from restaurants.
The theft problem stems from how some merchants -- including restaurants -- store data.
When a credit card is swiped for payment, several pieces of information are provided. Merchants receive the account number, the expiration date and a verification code that Visa and other credit card companies use to confirm the transaction.