I just returned from a long weekend vacation in the Canadian Rockies. The weather was perfect, if not warmer than expected, and the views were beyond spectacular. My girlfriend and I generally prefer to camp, but since this was our first trip to the area, we decided to go a more touristy route; we rented a car and stayed at hotels in and around Banff National Park. This meant we wouldn’t be making meals over a camp stove, but instead spending a lot of time dining out – breakfast, lunch, dinner, and cocktails at different restaurants every day. We’re no strangers to dining out – we’ve gone through the motions of paying our bill more times than either of us care to count, but virtually every time we were met with an awkward exchange – one of us handing the server a card while the server tried to hand us the card reader – not the mobile dongles linked to a tablet or phone, but a full-featured card reader right there at our table.
The card reader itself wasn’t unusual, we actually offer one of the more popular hand held units, the VX 520 – a unit I’m sure I used a number of times during my vacation, It was how it was being used and once I got used to being handed the card reader – rather than giving the server my card – I realized how much sense this actually makes.
The benefits are clear – your credit/debit card is never taken to a POS machine on the other side of the restaurant, or held behind the bar until you cash out, you’re always in possession of it, which means there is virtually no opportunity for a bad actor to steal your card numbers or quickly skim your card. I couldn’t find any reliable stats, but based on personal experience, this just isn’t the way restaurants and bars do it in the US. In fact, I would be shocked if 10% of bars and restaurants are using hand held readers in this fashion, which isn’t all that surprising considering it took a series of massive data breaches for retailers in the US to implement EMV (chip cards/readers), and that, despite the suggested deadline of October 2015, many retailers in the US still don’t accept chips.
While this process improves security for the vast majority of customers by better securing transaction details and eliminating the opportunity for a rogue employee to skim a card or copy card numbers, it doesn’t prevent a thief from using a found or stolen card because the second step in authentication is not a PIN, but a signature, and as Adam Conover hilariously illustrates, your signature on a receipt is meaningless.
And, yes, someone could know, or figure out, your PIN, it is at least a second method of authentication. Why don’t we use the Chip and PIN method for credit card purchases? Well, retailers argued that requiring customer to remember an additional PIN was simply be too much to ask. (Isn’t it sweet that retailers are always thinking about us?) The reality is retailers were concerned that they might lose some percentage of sales to folks who couldn’t remember their PIN and would lead to frustrated shoppers.
With the talk of cards incorporating biometric authentication and other new technology in an effort to make shopping with card safer, it seems that one simple solution to a costly problem is to do what is already common place in Canada and Europe: don’t take the customer’s card, bring the card reader to the customer.
Like what you’ve just read? Why not subscribe to the Blue Dog Blog?