I tend to prefer debit when purchasing things. It hasn’t really been a security thing for me; it’s been more of a speed issue. But recent information is compelling me to switch to credit again when swiping at Point of Sale (POS) systems.
There’s new research that shows how easy it is to replace and/or modify POS systems to capture the info right off your card when you swipe.
[ BBC: “Chip and PIN” Possibly Vulnerable to Fraud ]
So we’ve heard of this type of thing with suspect, standalone ATM machines and such, but now it’s being done with standard POS systems, which we use far more often.
Some may say that it’s only a danger in little rinky dink shops and not major stores like Walmart or Target. But think about it. How hard would it be for a professional criminal to get someone hired at a big store and then have them either modify or replace one of their POS systems? Considering the type of people these companies hire, not hard.
I bet there’s a time-sensitive opening right now in which it could be done fairly easily. Perhaps not in six months when the big stores will be watching for it and/or defending against it, but in the meantime I suspect there is a decent amount of vulnerability.
Anyway, even if there isn’t, I’m still going to be switching to credit for a while for a very simple reason. You can’t capture the PIN if you don’t enter it, because it’s not stored on the card. So if you use credit on a compromised POS system they’ll still get your name and card number, but they won’t have your PIN.
I’ll take a slight amount of annoyance in order to avoid even a minimal chance of such a serious impact. Or, to put it another way, the odds of me getting my info and PIN stolen are pretty low, but the hassle of not using the PIN at all is so insignificant that I think it’s worth switching to credit during the pre-remediation phase.: