Pay at the Pump
January 21, 2008 8:08 PM   Subscribe

Can gas station attendants access my credit card number when I pay at the pump? Similarly, can any normal cashier/bagger/checker/etc. at a store with a self-swipe console charge my account after I have left?

Of course, the store's corporate computer needs my number, but it seems like the point-of-sale employee is outside the transaction. Nevertheless, I have been paying with cash more often in an attempt to reduce my risk of unauthorized charges. Am I being overly cautious?
posted by pheideaux to Work & Money (13 answers total) 2 users marked this as a favorite
Yes. You are most likely to get your card number swiped at a restaurant, where you lose track of where your card is. Employees used to double swipe - make a copy using their own knuckle-buster and then run the real transaction to steal account info. I think now it is much less common.

As someone who has worked several retail jobs in the past 5 years, never have I ever had any way to access anyone's credit card info at a self-swipe OR when we swipe it for them.

Be more worried about JCPenny than the gas pump :)
posted by jesirose at 8:22 PM on January 21, 2008

Ugh, the yes was to your last question, not the first. Just to be clear.
posted by jesirose at 8:23 PM on January 21, 2008

I don't think it is. If you swipe your own card and have no trouble, there is no way that a cashier or bagger would be able to obtain that information. Your card number is encrypted so that it becomes a bunch of x's on the receipt, both yours and the control receipt.

Having worked in retail I can tell you that most employees are way too busy and handle way too many card transactions to care enough to steal your information. As far as we're concerned, it's just a number. I'd be more worried about your bank selling your information to telemarketers (which, according to my mother, ended in her card being charged for something she never ordered).

Of course, most employees in all these situations are reputable and wouldn't risk their jobs over something like that.

I don't think you have anything to worry about.
posted by mynameismandab at 8:33 PM on January 21, 2008

Every standalone credit card terminal that I've used require swiping the card or manually entering the number to make or reverse a charge. There were commands to print transaction summaries, but they never included the full credit card number, just the last 4 digits or the card and a transaction number. For any legitimate changes (reversals or downward adjustments), the transaction number is the only thing needed.

Anyway, yes, you are being over cautious. If you are using a credit card (not a debit card), your maximum liability for fraud is $50 and most companies take care of everything. Just be sure to read your statement carefully every month, sign up for online fraud alerts if your credit card issuer offers them, and relax.
posted by indyz at 8:37 PM on January 21, 2008

There have been cases where stores have their swiping machines compromised. A bunch of stores in a Vancouver-area mall didn't even know, but it was a big story this summer.

Also, a friend of mine had his info. stolen somewhere and then a bunch of cash taken from his account, but his bank did restore it.

These are relatively rare though; if you're worried, chargebacks are easier on your credit card.
posted by SoftRain at 8:43 PM on January 21, 2008

I was a lowly floor clerk and I had access to the store's electronic journal which, when printing duplicate receipts for a customer, the full card number would be listed on the duplicate. We would draw a big black line over it when whenever a customer asked for a duplicate but it was pretty common knowledge that we could get account numbers that way.

And when I worked for a pizza franchise we ran end of day reports that listed all the account numbers used that day and any savvy employee could reprint previous days reports too.

Now, both my situations are based on specific point-of-sale systems that are used. There are more advanced and secure systems out there, but knowing my company and others like it, they are at least 5yrs behind the curve, it's a cost cutting issue.

Any number you use on a daily basis is at risk of being stolen, the best protection of this is checking your balances DAILY, preferrably two or three times a day.

Being aware is golden.
posted by M Edward at 8:53 PM on January 21, 2008 [2 favorites]

In the last retail job I worked, when a customer swiped a credit card at the terminal, the account number would briefly pop up on my screen which I could clearly see. The thing is, though, the account number by itself won't get you very far. For most purchases, you would also need the expiration, security ID, and a matching address (or at least ZIP code), none of which were revealed to me. It's been the same in all retail jobs I've worked.

I'm seeing more and more self-swipe card mechanisms out there, and I become increasingly wary of using them when they're not under constant supervision. It's a relatively known scam to fit an ATM with skimmer that looks like it's supposed to be a part of the machine. I think this kind of thing is what you should really be worried about.
posted by joshrholloway at 9:25 PM on January 21, 2008

Here in Mexico City, it's been such a problem that in most restaurants they actually bring a handheld card machine to your table and process the transaction right in front of you. So yes, the tech is out there to grab your info when your card is out of sight, but I don't know if it is as common north of the border.
posted by lovejones at 10:57 PM on January 21, 2008

What Softrain said: your bigger problem here is actual ID thieves compromising the terminals and getting your card number *and pin*. When working restaurants, anyone with administrator access to the managers' computer could get the full numbers. That was the restaurant manager, the front-of-house manager, the office manager, and a couple part-time administrators who did the office manager stuff on weekends. Without the expiration date and billing address, I wouldn't be able to do anything with that information if I'd ever tried to parse it as more than a long list of numbers whose last four digits I had to match up with all the ones on my receipts.

I've typed my billing address a little differently from what was in the system before and had a credit card declined online because of it--then had a rep call my home phone to make sure I was the one trying to use the card number within 5 minutes. Similar things have happened with our debit cards for Alaska USA FCU and USAA. I get the feeling a lot of banks are pretty careful about that kind of thing these days--I'd only worry if someone might be able to make an actual copy of the card *and* have your PIN.

Checks are far less secure; I could use an electronic check from another account online without nearly as many backup protections to make sure it was my check.
posted by Cricket at 11:17 PM on January 21, 2008

I think the only thing to be concerned about is watching for mysterious attachments affixed to any self-swipe scanner. Check out this story. I think this kind of crime is extremely rare, but it's something to be aware of.
posted by crapmatic at 12:44 AM on January 22, 2008

I used to work at a builders merchant, and we could get full access to a customers credit card details. It was all kept in plain text on the computers, right next to an itemised list of what they had bought.
posted by Solomon at 3:48 AM on January 22, 2008

Our credit card was compromised last summer while we were vacationing in Alaska. The weird thing is, and what I can't quite understand, is why whoever stole our number arranged to have many strange things sent to OUR address. Wouldn't it make more sense for them to order stuff for themselves? We got sent several types of cosmetic product, duplicate copies of a book about Princess Diana (and a membership in an online book club) and I can't remember what else. Stuff we never would have bought ourselves. Was this just a malicious prank?
posted by jvilter at 4:54 AM on January 22, 2008

Checks are far less secure

You have zero fraud liability if someone forges your check, though.
posted by oaf at 5:29 AM on January 22, 2008

« Older Why is McEnroe stopping me from picking up iron?   |   How can I move to Spain for a couple of years? Newer »
This thread is closed to new comments.