I was pretty surprised about the risks at gas stations after I read this article. I had absolutely no idea how much information the gas station point-of-sale terminals collect when you use your credit card. Knowing this in addition to the fact of poorly-secured networks at gas stations can give sophisticated hackers an avenue to create counterfeit credit cards. Fortunately, only the sophisticated hackers will know how to acquire this information. While having to go inside the gas station and pay with cash can be a little bit of a hassle, it may be worth the troubles in the long run.

Using a credit card at a gas station could pose more of a risk for data theft than shopping online. Point-of-sale terminals have emerged as a weak link in the security chain, according to a Gartner Inc. analyst.

When a card is swiped, point-of-sale (POS) terminals often collect and store the data held in the magnetic stripe on the back of a credit card, said Avivah Litan, a Gartner vice president and distinguished analyst. Retailers are often unaware that their POS applications collect so much information.

In the hands of sophisticated hackers and counterfeiters, the data collected from the magnetic stripe is enough to create a replica card. “It’s almost more dangerous to go to the gas station than it is online,” Litan said at Gartner’s Identity and Access Management Summit in London on Monday. “The data is just sitting there. No one even thought about what data is on a POS controller.”

Retailers’ network configurations are partly to blame. Many are using the Internet to transmit data in place of dial-up networks, and many have incorporated wireless access points into their networks using WEP (Wired Equivalent Privacy), Litan said, which is not considered a strong form of encryption.[more]

Tags: Identity Theft