Credit cards compromised at local restaurants

Jeff Ehling Image
Wednesday, May 20, 2015
Credit cards compromised at local restaurants
If you can access a restaurant's Wi-Fi, hackers can easily access your credit card information

HOUSTON (KTRK) -- Every time your credit card is swiped at a restaurant, criminals could be close by collecting your information.

Hackers are able to steal your information from parking lots or down the road, which is exactly what happened to Kelly Shidler. She paid for lunch with her credit card, but noticed suspicious activity in her account.

"Went to work the next day and checked my banking account and noticed some transactions that weren't mine," Shidler said. "Then we noticed the other transactions were like retailers down the street."

Shidler's card was compromised at the restaurant when they swiped her card.

"The criminals clone their cards, and I'm seeing that they're being used in the area so that tells me it's a local operation," said IT expert Colman Ryan said.

Ryan says criminals are purchasing equipment online to copy credit card information.

"It would be comparable to a thief having locksmith tools. They're legal to have, but when you go using them for criminal purposes, you're crossing the line," Ryan said. "That is a high powered, highly focused, high gain Wi-Fi antenna. Sometimes I can hit the location from over a quarter mile."

Ryan says criminals use sniffer equipment located inside the vehicle to sweep areas to locate networks that are not correctly segmented and isolated.

For consumers, if you go into a restaurant and access their free Wi-Fi, the business is using the same network to process customer transactions. Every time a card is swiped, that information passes through the Wi-Fi network which customers have access to. When that happens, criminals with the right tools are able to collect all of that information.

"They could be down the street, setup shop, do it very covertly," Ryan said. "The business just needs a competent technician to do some penetration testing on their network."

It has not happened at the restaurant Island Grill in Houston, but to make sure it doesn't in the future, they updated their point of sale systems.

"It's important for us to keep that information secure because of credit card information that's stolen and used," Island Grille manager Joseph Gonzalez said. "With the new system we have now, it's totally secure. It keeps anything like that from happening."

According to the Payment Card Industry Data Security Standards, if a retailer is compromising customer information with an unsecure network, there may be penalties.

"Is the responsibility of the merchant. If they are negligent, they can be fined," Ryan said.

Experts suggest to start using credit cards enabled with EMV chip or RFID technologies. By October 2015, retailers will be required to become EMV compliant. If not, they will be at risk of being liable for fraudulent transactions.