SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Cash Over Credit


What does cash over credit have to deal with security? An awful lot, as it turns out.

Personal Story: Mere days after my family and I enjoyed a meal from this eating institution, I learn that there has been a potential data breach.

Let's assume the organization did everything right with respect to storing the data. If any credit card info was stored it was encrypted. Transmission of the sale and any records to be stored were sent across the network encrypted. We're good, right? Not exactly. Why not? Because the attack was against the Point of Sale (POS) systems - the "cash" registers. Malware was found on POS devices across a number of locations. Those locations included the one my family went to for our meal.

Attacks against POS devices are becoming more and more common. After all, they are running common computer OSes. Step up behind a kiosk at a mall when the person sitting there isn't make a sale and is bored. You'll usually see Internet browsing or a game of solitaire. And if you look close, you'll see a desktop OS you're familiar with. Most POS devices run common OSes now. And that makes them susceptible to malware. For most organizations, gone are the days of the mechanical cash register.

Back to the scenario, we could have paid for our purchase with either a credit card or with cash. If we used a credit card, our credit card number is potentially in the hand of data thieves. Anyone who has gone through having a card compromised knows the pain and hassle of dealing with the mess that's created. If you have recurring payments, you've got to contact the vendors and get all that straightened out. You should be watching your credit. It takes time - none of it enjoyable - to handle the fallout. But what if we used cash?

Cash doesn't leave a record that ties back to us. That means we're not vulnerable to identity theft from a purchase. Also, there's no tie for an organization to determine what my family likes. With a credit card number and name you have pieces of information that can be used to key sales together. That data can be used to better predict what a restaurant should provide for meals or what a store should stock. That information is valuable. It can be sold because folks want to target sales. It's more profitable.

Cash means there are no ties. None of this happens. You hand over the scraps of paper and metal and you're done. No worries about someone stealing your personal information. No concern about someone building a profile on you. The purchase is done and you walk away. Maybe our grandparents were on to something.


K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.


Posted by Dustin_Mueller on 17 January 2013

The single biggest reason I carry cash for incidental purchases. While I watch my credit like a hawk, I still expect someone, somewhere, to have access to my information. The fewer times I put it out there, the smaller that risk becomes.

Leave a Comment

Please register or log in to leave a comment.