I spend a lot of time on the road, and I wanted to highlight a good experience I had (twice!) in the Houston Intercontinental Airport (IAH) over the past two days. When I was on my way to and from the OWASP Montgomery meeting where I spoke yesterday, I went through IAH. Rather than signing my credit cards, I tend to write “CHECK ID” on the back so that cashiers (in theory) will ask me for my driver’s license and verify my photo ID alongside my credit card and perhaps even check my signature as well. This happens about 1% of the time – most folks just take my (unsigned) credit card and complete the transaction. However, on both of my trips through IAH, the food court workers both asked me for my ID and took a couple of seconds to check my photo on the ID and match the name to the card. Fantastic! The system works! 1% of the time…
I’m sure all the work that we do at Denim Group helping organizations meet the requirements of PCI compliance helps to prevent data breaches and reduce credit card fraud. But we are kind of swimming upstream if the “endpoint security” of all the workers arbitrating in-person credit card transactions is simply not working.
dan _at_ denimgroup.com