Last year a taxi-patron was able to hack into a car's computer system, discovering people paying via credit card would have their information stored locally, right there for any enterprising passenger - or driver - to access. As if getting punched in the face for using plastic wasn't enough to worry about!
Yesterday, the NY Sun reported one credit card technology provider would change "its security policies" after this discovery. VeriFone is responsible for 45% of the touch-screen payment units and admitted drivers have access to itemized transaction logs: "[Up] until recently, those merchants had only to type in a user name and password on VeriFone's Taxitronic Web site and click through a list of truncated credit card numbers to receive the full, unencrypted numbers and expiration dates of customers' cards."
Now only the taxi fleet owners will have access to the information, and not each individual driver (though we'd be curious if the screens can still be hacked). Verifone VP Dave Faoro claimed the recent change "was on the business side, not a security thing." The NY Taxi Worker Alliance's very own Bhairavi Desai addressed their change by saying, "I don't know why fleet operators would be more trustworthy than an owner-driver. So many fleets have so many employees that would still have access to information that should be secure." Yeah...so we're gonna keep paying cash.
UPDATE: VeriFone contacted us to say "The NY Sun story was referring to an online system that is accessible only by participants classified as merchants," and that credit card information was not housed in the system in the cab and accessible to passengers.
Photograph from an error occurred while processing this directive
