Kudos to Houston Intercontinental Food Court Workers

I spend a lot of time on the road, and I wanted to highlight a good experience I had (twice!) in the Houston Intercontinental Airport (IAH) over the past two days.  When I was on my way to and from the OWASP Montgomery meeting where I spoke yesterday I went through IAH.  Rather than signing my credit cards, I tend to write “CHECK ID” on the back so that cashiers (in theory) will ask me for my driver’s license and verify my photo ID alongside my credit card and perhaps even check my signature as well.  This happens about 1% of the time – most folks just take my (unsigned) credit card and complete the transaction.  However, on both of my trips through IAH the food court workers both asked me for my ID and took a couple of seconds to check my photo on the ID and match the name to the card.  Fantastic!  The system works!  1% of the time…

I’m sure all the work that we do at Denim Group helping organization meet the requirements of PCI compliance helps to prevent data breaches and reduce credit card fraud.  But we are kind of swimming upstream if the “endpoint security” of all the workers arbitrating in-person credit card transactions is simply not working.

dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

2 Responses to “Kudos to Houston Intercontinental Food Court Workers”

  1. Jason Meridth

    Interesting idea with the “Check ID” on the back of the card. I’ll have to try that one.

  2. Dan Cornell

    More Kudos to the cashier at the movie theater I went to last night. She checked my ID as well. Perhaps she read the blog and got the message…

Leave a Reply

Your email address will not be published. Required fields are marked *