An investigation into credit card information disclosure through Point of Sale purchases

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Citation (Scopus)

Abstract

The use of debit and credit cards has become indispensable to consumers worldwide. This cashless method of payment offers flexibility and convenience. It eliminates the safety risk of carrying large cash amounts in person and cards can be cancelled as soon as it is lost or stolen. One of the most popular methods of non-cash transactions is through a Point of Sale (POS) terminal. A POS is a quick and convenient method for a customer to pay a business, but may lead to the disclosure of sensitive information without the knowledge of the customer. By investigating the information printed on the customer and merchant transaction receipts at various POS devices in South Africa, it is shown that information provided on the POS transaction receipts can put the consumer at risk as the credit card number, expiry date and name of the card holder may be printed on these transaction receipts. This paper investigates various POS devices used by South African businesses and the relevant information printed on the merchant and customer transaction receipts after a transaction. It is shown that the information contained in the transaction receipts from certain POS terminals is sufficient to perform successful online purchases at multiple online shopping sites. We also show that when the CVV number on the back of the credit card can be obtained while the transaction is in progress, even more online shopping sites can be successfully used without the authorisation or knowledge of the credit card owner.

Original languageEnglish
Title of host publication2015 Information Security for South Africa - Proceedings of the ISSA 2015 Conference
EditorsMariki M. Eloff, Steven Flowerday, Hein S. Venter, Marianne Loock, Marijke Coetzee
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781479977550
DOIs
Publication statusPublished - 20 Nov 2015
Externally publishedYes
EventAnnual Information Security for South Africa Conference, ISSA 2015 - Johannesburg, South Africa
Duration: 12 Aug 201513 Aug 2015

Publication series

Name2015 Information Security for South Africa - Proceedings of the ISSA 2015 Conference

Conference

ConferenceAnnual Information Security for South Africa Conference, ISSA 2015
Country/TerritorySouth Africa
CityJohannesburg
Period12/08/1513/08/15

Keywords

  • Point of sale
  • disclosure
  • personal information

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'An investigation into credit card information disclosure through Point of Sale purchases'. Together they form a unique fingerprint.

Cite this