If you are a Mumbai local, I am sure you would have visited Westside - one of the famous retail shops. I happened to bump into their store in Andheri(W) Infinity Mall and to my surprise, when I gave my credit card for swipe, they swiped it twice. :(
- Once on the processing machine and second on his computer.
I asked the fellow, "Why are u swiping my card twice?"
He replies, "Sir, we need to store your card information for tallying it at the end of day."
I was really disturbed by this. They stored my name, card number and expiry date. Only thing remaining was the CCV number. Remember this is generally a 3 or 4 digit number usually at the back of the card.
I am surprised that these merchants are allowed to store credit card information. No PCI compliance required ??
I felt like calling up the media - Mumbai Mirror, DNA or Times and yelling them that see these guys....what are they upto ?? Why the hell are they storing credit card information and if they need it, why is is not encrypted??
A hacker's mind would surely think of compromising their database having thousands and thousands of credit card holders information.
To add to all my fuss that day, they gave me a printed receipt to sign off and that too printed my entire credit card number (none of the digits were masked) and even the expiry date.
I am sure there are many such places in mumbai where credit card information is stored and is highly likely for hackers to get inside them very easily. If the merchants or shop owners do not bother to care about the credit card information, they must be banned from handling these transactions.
I wanted to raise my voice for all the people who actually opt for credit card transactions. Please make sure and shout if you find they are storing your credit card information. If they are swiping the card twice for their sake. This is illegal.
Visa / Mastercard and other card issuers must look into this matter asap.
Please send in your comments and let's raise this to get in media of possible and spread awareness.