Waiting in line at the Starbucks by my office I saw a massive gaffe in terms of security. Starbucks was fine, but the customer waiting in line in front of me was casually waving this around:
It’s important to know what you’re doing and make sure that you’re not giving a potential attacker any more information than you need to.
Ok, so it’s the back of the card… but with a simple flip…
I’m posting the first four digits since it doesn’t really leak a whole lot of information. It’s basically fully predictable given a bank. In this case knowing the bank would give you six digits, but whatever.
So, not only is the card number easy to read (no, I’m not going to post more), but the expiration date and name are all there for the picking. Not just that, but the CCID (which, without anything else, isn’t important) is in plain sight since she’s nonchalantly flashing the back of the card. Which, by the way, isn’t even signed.
Just a simple reminder that even when you don’t think that you could be subject to an attack or you feel safe and at ease… well… be thankful I’m wearing a white hat. :-)