Living with credit, Research, regulation, industry reports

Not the type of hack you expect in a NY taxi

Jeremy Simon

Anecdotal stories have New York City cab drivers using all kinds of excuses to discourage riders from paying with a credit card. But news reports of a rider apparently hacking the credit card reader display screen could do more to discourage plastic payments than any tall tale told by a cabbie.

InformationWeek and New York’s WNBC report that a New York software engineer was able to gain access to the operating system for the credit card reader’s touch-screen display, which is meant for presenting ads and short videos to riders, as well as enabling them to pay their fare with a credit card.

Artist and software engineer Billy Chasen got in a cab recently only to find an error message on the display screen. So Chasen decided to experiment a bit. As he explains in his blog, Chasen and was able to gain “full administrative access to everything on the PC.” He writes, “It was not only a security flaw, but people also pay with the screen if they use a credit card. That information could potentially be stored locally.”

VeriFone Transportation Systems, the display system’s vendor, explained to InformationWeek that passengers’ encrypted credit card data is not stored locally in the system, adding that the cab in question used an outdated modem, which was installed when the city was testing the display systems. In a post on Chasen’s blog, VeriFone said the outdated modem was subsequently replaced.

But security experts say Chasen’s story raises doubts about the security of the credit card payment systems.

“What if somebody was able to download coding to that machine that could record and transmit whatever you put in, including credit card numbers?” Al Brill, a computer security expert at Kroll Associates, asked WNBC. The theft of large numbers of riders’ credit card information would prove a nightmare scenario for VeriFone and would likely make New Yorkers think twice about swiping their plastic to pay a cab fare.

Weak security around credit card information has proved a disaster before. Earlier in 2007, the parent company of T.J. Maxx admitted that hackers had raided its computer system, making off with nearly 100 million credit card numbers. I’m sure that’s not the type of record the New York City Taxi & Limousine Commission is hoping to top.

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.