Long left by many merchants under the counter for use in case of emergency, the manual credit card imprinter, affectionately known as the “knuckle-buster” for obvious reasons, recently emerged to the countertop once again, but for an unusual cause: to accommodate card transactions following a merchant data breach.
When Chinese-restaurant chain P.F. Chang’s announced it had experienced a “security compromise” involving credit and debit card data stolen from some of its restaurants, the company issued a statement describing the event and how it was reacting. In noting whether customers could safely use their credit cards, the chain said its Chino Bistro-branded restaurants had resorted to using credit card imprinters to handle their card transactions. “This allows you to use your credit and debit cards safely,” the company said.
Card imprinters in the 1960s were commonly seen at store checkout counters, where clerks would place a customer’s card on a slot under inked paper and slide a press over it (the knuckle-busting part) to get an imprint of the information embossed on the card. The customer would then sign the form, and the retailer may call the issuer or stand-in processor to get a confirmation code to write on the slip for authorization, or it could choose to skip that step for smaller transactions. (Banks also often used the knuckle busters (with the phone call authorization) for credit card cash advances.)
Electronic cash registers in the 1970s replaced many of the manual devices on merchant countertops, but the introduction in the 1980s of relatively inexpensive standalone payment terminals from such companies as VeriFone and Hypercom sent the producer of very paper-intensive transaction processing into hiding for good – almost. As the recent breaches that also have affected such major retailers recently at Target and Neiman Marcus have shown, even card data collected electronically but inadequately secured can pose significant – and costly – problems for affected merchants.
Because card imprinters rarely are used today, P.F. Chang’s statement went into detail describing the process and why it was used following its reported breach. “The fastest alternative was to transition to manual imprinting devices (a.k.a. ‘knuckle busters’) to safely process credit and debit card payments at all P.F. Chang's China Bistro-branded restaurants in the continental U.S.,” the company said. “P.F. Chang's is handling the storage and destruction of these slips according to the data-protection processes required by the credit and debit card companies.”
Though the receipts customers received suggested the transactions processed through the imprinter were handled electronically, the company stressed that they weren’t. However, ach restaurant was given one electronic payment terminal that encrypted card data, but its use likely could have created a bad experience for some customers.
“All P.F. Chang's China Bistro branded restaurants in the continental U.S. were provided with an encryption-enabled terminal to securely process credit and debit card information via a dial-up fax line,” the company said in its statement. “Because we currently only have one terminal per store, we continue to use the manual credit card imprinting so that our guests can pay their bill quickly rather than wait for their transaction to be processed via the terminal.”
The restaurant owner did give the customers the option to have their card transaction processed using the one terminal it had in each store, but it noted the process could take longer. “We are looking to add more terminals to each of our stores as soon as possible, and once we are able to do this, our goal is to phase out the manual credit card imprinting.”
When that occurs, once again, that nasty knuckle buster goes into hiding, ready to emerge once again when needed to accommodate the times when the technology that replaced it illustrates how the industry still has its work cut out for it to make card processing more secure, as well as more convenient, for merchants’ customers.