10-10-2013 06:02 PM
I was reading through the FCRA and found the clause below. I know stores that have given me receipts that show the full credit card number and IIRC, they are small stores like mom and pop shops. I imagine the reason behind the clause below is to prevent fraud as the store keeps a copy of the receipt and anyone can get the credit card numbers if they have access to those receipts.
My question is: How does one go about reporting this and is this something I should worry about? Should I pay in cash now at these stores? Should I do something about it when it happens again?
(g) Truncation of Credit Card and Debit Card Numbers In general. Except as otherwise provided in this subsection, no person that accepts credit cards or debit cards for the transaction of business shall print more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of the sale or transaction.
Limitation. This subsection shall apply only to receipts that are electronically printed, and shall not apply to transactions in which the sole means of recording a credit card or debit card account number is by handwriting or by an imprint or copy of the card.
Effective date. This subsection shall become effective -
a) 3 years after the date of enactment for any machine in use before 1/1/2005
b) 1 year after the date of enactment for any machine in use on or after 1/1/2005
10-10-2013 06:21 PM
10-10-2013 06:36 PM - edited 10-10-2013 06:41 PM
This is a big part of the work I do and I can tell you if a store provides you with a receipt showing the full CC number they are in violation of PCI requirements.
PCI stands for Payment Card Industry and that consists of well known friends Visa, MC, Discover etc etc.
I would avoid places like this as it is a solid indication they have not upgraded to current software and best practices for customer information security.
While Mom and Pop stores have a limited place in the convenience store industry for lower volume areas(The mountains of Asheville market comes to mind. Super busy during summer/Fall season then dead for several months before business slowly starts to pick up again) in most cases they dont make large margins so some do struggle but others are just cheap and have the "Im not upgrading" attitude which usually costs more in the long run.
Anyway, always try to use chain stores as the majority of them will do what is required to keep from being a victim of fraud.
Unfortunately, in my experience approximately half of Mom/Pop stores are not PCI compliant and are a low level risk to their customers in my professional opinion. They give the stores paying the $$ to comply a bad name.
If possible use major brand fuel as in Exxon, Shell , BP , Citgo etc. They have stronger compliance standards than the site with no major brand for fuel. This of course does not imply that all unbranded stores are necessarily bad.
As you can see it is a big game of trust and unfortunately the folks with the money are usually the ones in compliance.
10-11-2013 07:37 AM
Huh. This is very interesting information. I need to start paying closer attention to my receipts!
10-11-2013 07:03 PM
At my work, the credit card receipts show the last 4 numbers and it show's " xx/xx " where the expiration date is and were a local small non-profit. We are PCI Compliant, cuz we get charged $20 a month if we are not. Our one and only Merchant Service is TransFirst. Back in 2010 we discovered the previous executive before me had signed up for every Merchant Service who called us, cuz they just go by "Merchant Services" when they call and he fell for it and before we know it we had 5 Merchant Services dipping into our account for one credit card machine leased by a scam company called Northern Leasing, we were paying for Discover and AMEX and they didn't work, probably cuz one Merchant Service was counter reacting the other and we are not PCI Complaint . Our CFO who found this out in 2010 tried to contact all of those companies but didn't get a responce the same day, and so she went to our bank and stopped payment to every last one, which eventually got their attention Then we slowly closed thoses accounts and paid them whatever was owed and switched to a credit card from our bank who does Merchant Services through TransFirst, and everything is great! To this day we still get those calls from "Merchant Services" and I have fun when those people call, I get them to tell me what company they are actually from to trip them up, and the new thing is they sometimes call and say they would like to talk to you about your credit card processing account, next time i get one of those kind of calls i am going to ask them to confirm that last 4 of our Merchant ID and if they can't provide me with it then I will end the call! LOL!
Sorry to post all of that as some of it is kinda off topic of this post!