Checkout Software Security Breaches

The Wall Street Journal covers the theft of credit card numbers from retail point-of-sale software [subscription required]. In a nutshell, several popular POS software packages retain a customer's credit card, including the credit card verification (CCV) number. This of course makes them an attractive target for thieves.
Why on earth are they saving these numbers? Chipotle Mexican Grill was listed as one of the companies that suffered a card number-related security breach. Do they really need your card number after you bought your burrito? I have absolutely no sympathy for these companies — retaining sensitive information for no reason other than "because we can" is just asking for trouble. At our own online store, we never store full credit card numbers, just the last four digits. That way, in case a customer needs to make a return, we can let them know which of their cards they used to make the purchase (we'll still need to have the full card number given to us again to make the refund, which again we won't retain).
On a side note, am I the only person who sees "POS software" and thinks of something other than point-of-sale? How did that acronym get popularized?
via Payment News
By Chris on April 27, 2005 10:02 AM |