[jrockway]

The first 5+ digits are public (if the "attacker" knows what bank your card is issued by). Adding 3 digits and a check digit to the mix makes guessing your number all that much easier.

Personally, I am not sure why any digits need to be on sales receipts. Or why I even need a receipt.

[axod]

Don't forget in the UK the vast majority of purchases are Chip+PIN only, so a credit card number is only really useful for making online purchases from other countries, which are usually scrutinized far more by banks.

Also you have the CSV on the back of the card and expiry date. You also have the "Verified by Visa" stuff where you have to enter your password for any online purchase, also you'll usually have to enter the card holders full address.

I agree though, receipts are mainly useless wastes of paper these days, and the less paper with personal details on the better.

Given the massive library of photos available on Flickr, it'd be unlikely that there aren't some credit cards on there - perhaps a credit card left on the coffee table in the background that can be enhanced... Maybe even a credit card in someones very thin see through shorts :/ Wonder how long it'd take to find some examples.

[DrJokepu]

I can't help but feel that the way credit/debit cards work is inherently flawed. About once a year my (UK) bank calls informing me that someone in Malaysia / New York / etc. tried to use my card so they blocked it and sending a new one. If someone steals your wallet (happened to me not very long ago) they get physical access to your card and can spend an awful lot of money online before the bank blocks the card. In the end my bank refunded all my money but still it was a quite stressful experience. And if someone manages to get your PIN (by peeking over you shoulder), you can kiss goodbye to your daily cash withdrawal limit.

I'm no security expert by any means but still I'm sure that it must be possible to design a lot safer system. Of course you can never defeat human stupidity / irresponsibility / malevolence but it should be a lot harder to commit card fraud.

[danudey]

'Don't forget in the UK the vast majority of purchases are Chip+PIN only, so a credit card number is only really useful for making online purchases from other countries, which are usually scrutinized far more by banks.'

It's true. A friend of mine moved to Canada from the UK with tickets bought on her card, changed her credit card's billing address to Vancouver, and called the card issuer to let them know she would be moving.

Immediately after she made her first purchase in Canada, they put a hold on her card. She had to call back to get the hold released, but it was put back on as soon as she made another purchase. This continued until she got a new (Canadian) card.

It's too bad the banks in the UK don't scrutinize themselves.

[jrockway]

That's a good point. In the US, it isn't really a big deal if someone gets your credit card number. You notice a problem, aren't liable for the purchase, and get a new card overnighted to you.

The one time this happened to me, Amex called me to tell me they thought there was a problem. I looked, noticed that there was, and I had a new card / account number the next day. Very convenient, and only an 8 hour or so window where I couldn't use my card.

Someone was careless with my card data, but it didn't matter -- it didn't cost me any time or money. So I guess that's why I don't get too upset about stories like the original article.