by hartez 5062 days ago
Sadly, I can :)

Just a few years ago I looked at my receipt from a local Dairy Queen and it had all but the last four digits printed on it. I complained to the guy behind the counter, who didn't see the problem.

I assume most new POS systems nowadays don't even have the option to print anything but the last four, but there are still some out there in the wild which do. Which is why I still shred all my receipts.


It really shouldn't be a problem. In my teenage years I could memorize a 16-digit number from seeing it once; I can't be the only one. If credit card security depends on keeping the big number printed on the front secret then it's doomed to failure.
In this case it's not as much about keeping it secret (since anyone who sees/handles it might have the number memorized or recorded) as it is reducing the attack surface. If the full number is on a discarded receipt (or on any combination of two receipts) along with my signature, anyone with access to my trash now has a big chunk of the info they need for identity theft.

I'm not saying that obfuscating the first 12 digits on a receipt solves the problem; just that it's a very minor adjustment that makes things more difficult for the attacker. But some organizations are still failing at even these most rudimentary steps.

Compared to the other things we're talking about, fraud on credit cards is largely a solved problem. (Yes, there are issues, and I'm sure people actively working on the problem don't consider it solved.) Credit card fraud puts out the consumer $50 at most.

But someone got the bright idea to attach other things to your credit card information, like your entire MacBook.

We need to burn down the entire concept of "security questions" and start over from scratch.

I would actually love to be assigned a secure credit card. Remove the number on the front, and remove the magstripe (the countries I visit all use chip-and-pin now).
Did anyone ever show you his credit card "okay but just once"? I doubt it. The big number is indeed supposed to remain as secret as possible to avoid trouble.
Ever use a credit card? You are almost always handing them over to other people; oftentimes they even leave the room with it for several minutes.
In the UK at least you should never have to hand it over. You insert them into the chip and pin device yourself. A lot of places will do this for you but only in plain sight.
Well, in the US it is common to hand your card to servers after your meal who will then carry it off to the register (wherever that may be, usually not visible) and bring it back to you with a receipt.

The UK may have a better protocol, but that doesn't change the fact that for a significant population, the number on the card is really anything but private. Certainly Apple should know this, being based in the US...

This is usually ok since credit card companies have the whole fraud thing figured out for the most part. It only becomes "not ok" when companies like Apple make them into something that absolutely needs to be secret.