More silly credit card security

10 Oct 2006

After posting about the insecurity of credit card activation schemes, I remembered another pointless security “feature” that’s coming into vogue now. When I use my cards at some gas stations, I’m asked to enter my billing zip code.

Supposedly this is to keep the bad guys from using a stolen or lost card to buy gas. Credit cards don’t have a PIN number or any other secret code, so the use of a zip code was apparently dreamed up as a pseudo-secret code.

It seems to me that the most common way a physical card winds up in the hands of the bad guys is if it’s in a wallet that’s lost or stolen. And in that wallet, right next to the credit card, you can usually find a driver’s license. Which of course, has your zip code on it.

William Chapman
April 23, 2008 2:31 PM

Pseudo-secrete credit card code? I don’t think so!

I agree, I have also noticed the same thing happens when you rent a movie at a Red Box. I haven’t quite figured out why I am required to enter my zip code in order for the transaction to to processed.

I will argue that in as much as the idea of entering your zip code could be effective in making sure that who ever is using the credit card is actually authorized to do so, the chances someone using your credit card for purchases at a Red Box for example or at a gas station that requires you to enter a zip code at the pump is very, very small.

Lets face it, if you were to loose your credit card, it would probably would have been lost together with an ID of some kind that you keep along with the credit card in your purse, bag… etc. So asking for zip code wouldn’t necessarily prevent an unauthorized user of the credit card to successfully use it.

It seems as though who ever came up with this idea is operating on the idea of just being able to help at least one identity theft victim our of a million.


Your comments:

Text only, no HTML. URLs will automatically be converted to links. Your email address is required, but it will not be displayed on the site.

Name:

Not your company or your SEO link. Comments without a real name will be deleted as spam.

Email: (not displayed)

If you don't feel comfortable giving me your real email address, don't expect me to feel comfortable publishing your comment.

Website (optional):

Follow me on Twitter

Lijit Search

Best Of

Recently Read

Get More

Subscribe | Archives

Recently

Who knew there was a term for this? http://en.wikipedia.org/wiki/Malicious_compliance (Mar 16)
Who knew there was a term for this? http://en.wikipedia.org/wiki/Malicious_compliance Mar 16, 2010 2 :49 via...
Ideas, Risk, and Investors (Jan 1)
Over at SacStarts, I have piece up discussing a common question I get from entrepreneurs....
VoiceXML for web developers (Dec 17)
Building voice applications isn't hard at all. Any web developer can do it.
De-skunking a dog (Oct 27)
How to clean up your pet after a skunk attack.
Pressure sales via Twitter (Oct 16)
Sticking an ad in my face when we first meet is a good way to lose my interest.
Loma Prieta, 20 years later (Oct 13)
Looking at the earthquake from October 17, 1989
Red light cameras don't work (Oct 13)
Cameras installed to catch people running red lights aren't about traffic safety at all.
Jack-o-lantern pumpkin carving patterns (Oct 12)
It's a tradition, what can I say?

Subscribe to this site's feed.

Elsewhere

IMified
Build instant messaging applications. (My company)
SacStarts
The Sacramento technology startup community.
Pinewood Freak
Pinewood Derby tips and tricks

Contact

Adam Kalsey

Mobile: 916.600.2497

Email: adam AT kalsey.com

AIM or Skype: akalsey

Resume

PGP Key

©1999-2010 Adam Kalsey.
Content management by Movable Type.