When you approach an Automated Teller Machine, or ATM, it is widely accepted that there will be at least one camera that is fixed on your actions. Typically, this is a facial shot, and law enforcement uses these videos to capture your face and assist in crime investigation. While it is not with 100% accuracy, the ATM card holder can be relatively certain that the images and video will only be used for this explicit purpose.
Now fast forward to your traditional retail store. Similarly to the bank, one can be relatively sure that a closed-caption television system is used at all but the smallest retail establishments. Grocery stores, pharmacies, your big-box stores traditionally utilize a camera at the Point of Sale (POS). However, unlike the banks or ATMs, these cameras are not directly at the terminal; rather, fixed above the general checkout area. With debit card transactions utilizing a PIN to authenticate your purchases, does it not stand to reason that by not shielding your PIN entry, that there is a better chance that anyone watching the video signal can see your secret PIN?
You may be thinking that the risk is negligible; perhaps it is. But let’s take it a step further… Did you use a customer loyalty card? If so, where else do you use that PIN? On taxes? On your garage door entry? Your mobile phone’s voicemail? The introduction of the customer loyalty card, and its ability to mine your personal shopping habits provides a convenient bridge between what you do at the store, and where you go when you leave the store.
The lesson here is that we tend to take for granted the eyes that are observing our actions. By observing your surroundings and locating cameras and shoulder surfers, you can protect yourself from many of those meddling eyes. Shielding your PIN is a simple, yet effective means of ensuring the security of the PIN. From a personal standpoint, I also have learned to use different fingers for different keys to add an additional layer of protection from guessing based on the micro-muscle twitches of your arm and fingers. Is it overkill? Not to the person who has been hacked!
What are your thoughts?
Category: Learning Opportunities