Top Stories


    Sep 08, 2014

    Beware of shops swiping your credit card twice

    IT IS done so quickly that you might not even notice it. But that extra swipe of your credit card by some merchants compromises your personal data and breaches data protection laws.

    Known in the industry as "double-swiping", the second quick swipe of consumers' credit cards is typically done after credit card transactions have been approved.

    Merchants do this to record the mode of payment for accounting purposes, and to collect card holders' personal data for marketing purposes such as loyalty programmes.

    Even though banks have been telling retailers to stop doing this in the past two years, as the practice exposes consumers' personal data to security risks, many retailers have not stopped.

    Today, however, new data protection legislation allows consumers to make a report against rogue merchants.

    "If the merchant wants to collect personal data beyond what is needed for the payment, the merchant should get the consent of the customer," a spokesman for the Personal Data Protection Commission told The Straits Times.

    The Personal Data Protection Act was fully implemented on July 2 to safeguard consumers against the wrongful collection, use and disclosure of personal data for marketing.

    Last week, The Straits Times spotted several merchants - including eateries and toy shops - double-swiping credit cards.

    The Association of Banks in Singapore (ABS) said banks have asked merchants to consider alternative ways to collect consumers' data.

    The Straits Times understands that some are dragging their feet as this involves changing the way they work and investing in new systems.

    "Some merchants and retailers would need extra time to reconfigure their more complex systems," said Ong-Ang Ai Boon, ABS director.

    Double swiping undermines the latest advancements in card technologies. Credit card data now resides more securely in embedded computer chips, instead of on magnetic stripes that can be skimmed by fraudsters.

    Depending on how merchants design their cash registers, information ranging from a card holders' name and credit card number to the expiration date can be collected.

    The double-swiping practice has left some consumers concerned about their privacy.

    Engineer Ngiam Shih Tung, 47, said: "A credit card number and expiration date are all you need for a fraudulent transaction on some websites."

    The commission said that it has not received any complaint about double swiping so far.

    Organisations found in breach of the Act could face a fine of up to $1 million.