National retailers improved their credit-card-data security practices, but safeguards at smaller merchants lag those of their larger counterparts, according to a security group.
Financial Services Information Sharing and Analysis Center (FS-ISAC), which is an industry forum on financial-services security, issued an alert in July 2015 that advised small merchants on how to secure their point-of-sale terminals, which is where credit cards are swiped.
Many retailers’ card-processing systems have remote-access capability, so the seller of the system can perform maintenance or update software. However, some retailers don’t change the factory-set password or fail to erase login data for ex-employees, which makes it easy for hackers to get in, FS-ISAC says.
Merchants who install point-of-sale terminals that accept cards that have a data chip are far less likely to have problems than are those that accept magnetic-strip cards, says Cleveland Brown, who is the CEO of Payscout, which is a payment-processing company. Chip cards allow the transaction data to be “tokenized,” so no record of your account number remains in the merchant’s system. That leaves little for hackers to gain if they break into a system.
Chip cards still have a magnetic strip, however, so they can be used at merchants that haven’t upgraded their card-reading equipment. You should consider paying with cash at those merchants, two experts tell us.
Unfortunately, Forrester Research reported in April 2015 that it expects small merchants will be slow to upgrade their point-of-sale terminals, because each terminal costs $250–$600 to upgrade.