Conversations with security experts often leave me paranoid, and my recent chat with Gartner’s Avivah Litan was no exception. We were talking about how banks try to spot fraud with credit and debit cards, and she tossed in an aside about how easy it is for bad guys to swipe data from gas pumps.
Apparently, many older gas pumps don’t encrypt the PINs you enter when you use your debit card. If a criminal can get a key to open the pump—not all that hard to do if you have a disgruntled or otherwise cooperative gas station employee to help—then a card-skimming device can be installed inside to scoop up the PINs along with the information contained on the magnetic stripe.
So far from being safer to use at the pump, as this horribly incorrect Yahoo! Answers entry contends, debit cards can be far more vulnerable than credit cards. A bad guy with your debit card info and PIN can swipe money directly from your bank account. (The criminal gang that compromised debit cards at Michaels recently did exactly that.) With a credit card, on the other hand, you don’t have to pay bogus charges. Those are typically removed as soon as you report them, while a compromised bank account may take weeks to fix.
A couple of years ago, VISA made a push to require that all newly installed gas pumps encrypt this crucial data, but gas station owners howled at the idea of retrofitting older pumps at a cost of around $10,000 each. So many pumps still lack encryption.
I don’t know about you, but the few pennies I used to save at the debit-only gas stations aren’t worth potentially compromising my bank account. Until gas station owners fix this issue, I’m sticking to my credit card.