I am a person that tends to look at situations with a… how would you put it…. cautious eye? Anyway, Katie and I went out to get some beers and food at Legal Seafood near long warf yesterday and when I presented my credit card to pay I was handed a wireless card swiper.

The thing is a little pin pad basically, and it lets you choose the tip amount or percent you want to tip and then figures out the total etc. Then the little device asks you to swipe your card and sign the receipt that it prints out.

All I could think about though was if the swiper was secured or not. Like, if I swipe my card, where the hell is the information going to end up? is it plain text? is it wep encrypted? or some other weak encryption? how do I know this is secure? well I didn’t, at all. But I was too drunk to put up much of a fight and went about biting my tongue and swiping my card anyway.

Later when I got home I asked one of my roommates, who happens to be a waitress at Legal Seafood, about the swiper things. She didn’t know much about them in the technical sense, but said that they had to use them. It was a mandate from their corporate office. She even said that if they didn’t use them they got in trouble!

I understand why they have these little devices, it makes customers feel more secure because their credit card never has to leave the table like in the past. But are these people thinking about how their credit card is being charged? that potentially anyone sitting withing range of this device could be stealing their credit card information even easier than before?

Let’s consider the old way for a moment and security implications associated with that. First the waitress/waiter would come to the table with the check and take the credit card back to a reader, scan the card and print out a receipt. Then they would return the card/receipt to the table to be signed and for tip to be added.

How is this vulnerable to attack? Well, the waitress/waiter could be crooked and copy down your information. This is probably the greatest risk in this scenario, its easy to get away with for the crook and not necessarily easy for you to spot right away. However, it does make the crime “personal” and probably less likely for someone to commit because they could be recognized, etc. This is also vulnerable to a wiretap, a bad guy attaches some sort of mechanism (mechanical or software) to the employee terminal that collects data as the card is swiped and while the legit transaction takes place, the information is also sent off to a secondary party which could then use the information for nefarious purposes. A wiretap or hack of this type is also unlikely because it requires technician access to the terminal and a high level of understanding of how the terminal works. Those two things make this attack very not likely, but possible.

Now, the new way, pay at your table. Customer swipes card and pinpad broadcasts credit card number, expiration date, and name OTA to a base station or terminal that interprets the information and processes the charge immediately. Now if I’m an attacker, I could be sitting out side the restaurant passively collecting packets that are bouncing between the pinpad and the base station. Yeah the packets that have your cc number, expiration date, and your name in them. And thats it. You’re owned.

With further google-ing I found the website for the company that makes the device, Ingenico. They claim, “The integrated High Security Core (HSC) offers different levels of security, meeting the most demanding requirements of payment transactions (PCI PED, ZKA…). It has a 32-bit processor to support powerful encryption (RSA, DES, 3DES…), thus ensuring confidential data is secure.”

Well thanks for that wonderful bode of confidence Ingenico. A most likely half baked proprietary encryption scheme. I’ll be sure to always trust the HSC with all my PEDs and my ZKAs. I am also alarmed when they say, ”...offers different levels of security…” So does that mean that irresponsible shop owners could potentially turn encryption off? I could easily see this scenario: the devices aren’t working properly, the restaurant is full and someone says, “Quick turn off encryption just for a little bit till we figure it out!”

ps- i thought this was funny, right before you swipe your card it offers two choices, cancel and fake. wtf does the fake button do??