Payment card fraud can take place anywhere, from gas stations to convenience stores and restaurants. Restaurant-goers are especially vulnerable, as good food and good company can lead to people being caught off-guard. Plus, no one expects that the waiters at a quaint, family-owned bistro will try to rob them.

Going out for meals doesn't have to be a security headache though, and there are simple enough ways for you to protect yourself and figure out whether it's safe for you to use your card at that establishment.

Here's a checklist of things to look out for while using your card in a restaurant.

1. Cover the card reader when entering your PIN.

For many people, covering the keypad (of PoS, PED, standalone dial-out terminals, etc.) while entering the PIN of their payment card is standard practice at cash machines, as you don't want that information being passed on to any nefarious people. But the last place we expect that to be necessary is at a restaurant.

Unfortunately, it's just as important at an eatery as it is anywhere else. Not only could someone be watching you – whether that be the restaurant's owner, the table staff or even a nosy person at the table next to you – but many restaurants are fitted with cameras anyway, for their own security reasons, and should anyone look at that footage, your PIN could fall into the wrong hands.

2. Never let the waiter leave with your card.

You should never ever, under any circumstances, let the waiter walk away with your card, not even for a minute.

You don't know what that waiter could be getting up to with your card. They could be skimming information, or writing down all of your card details (both the number and the security code), information that can be used to clone your card or make unauthorised purchases.

3. Does the card reader look suspicious? Does it have a skimmer attached?

As card-reading devices and terminals are almost everywhere, most of us don't pay them much attention, especially as we don't expect to be at risk of credit card fraud. But it's important that you look at the card reader and assess whether it looks unusual or not.

Suspicious card readers may have a skimmer attached, which can be identified by looking at the card slot of the machine. If something appears to be attached to the card slot on the device, that may be a skimmer and you should not use it.

Furthermore, you should look for signs of tampering - is there any evidence that the device has been forcibly opened? For example, are there scratches, or marks that look like they could be from a screwdriver? If yes, then you should ask the appropriate questions and get a proper explanation or you should not use that device.

4. Are there any suspicious Wi-Fi networks?

If you have taken a smartphone or a tablet with you to the restaurant, then you can use this as an added security measure. In the Wi-Fi settings of your phone or tablet, look at the list of Wi-Fi networks within range. Many restaurants offer free Wi-Fi to their customers, so a network called "Mickey's Bistro's Customers" is perfectly normal, but other Wi-Fi networks that are perhaps called "POS (Point of Sale) Network" or something similar should be scrutinised.

Many card readers are connected to the Internet in some way, but if the Wi-Fi network a reader is attached to is visible then it could have been infiltrated by a malicious user who is capable of accessing the data transferred by the machine. On the other hand, a malicious user may have set up a Wi-Fi network of their own at the restaurant and be using that to intercept and gather data. Both are incredibly concerning, so if you notice something you're unsure about – ask a member of staff.

5. Ask the owner about PCI Compliance.

And finally, you should ask the owner about PCI DSS compliance. One of the areas that the PCI (Payment Card Industry) DSS (Data Security Standard) covers is that businesses accepting card-present payments watch over the physical security of their terminals. Some of the requirements involve not storing any payment card information on paper and training staff so that they understand how to spot tampering or those who may want to tamper with devices (PCI DSS requirement 9.9).

While table staff and chefs may not have all of the answers about PCI DSS compliance, the owner should be able to give you a detailed rundown of how the restaurant is PCI compliant. If they are unable to do that then it may be the case that they are not PCI compliant and completing a payment at that establishment may be unsafe.

Help restaurants improve the physical security of their card-reading device.

Having read through this article, and having learnt the dangers of fraud related to card-present payments, you’re probably wondering how you can help restaurants make sure that they keep their customers safe.

If your favourite restaurant is unsure how to put proper security measures in place, then tell them about ZeroRisk PINpoint. With ZeroRisk PINpoint, the restaurant’s owner can keep track of their card-reading devices, ensuring that attempts to conduct payment card fraud don’t go undetected and that the restaurant owner can stop them before you or your fellow diners lose money.


Written by Igor Mancini

Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.

My intention is to discuss IT Security related topics with the eyes of a non-technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.
