Credit Card Information Sent Over AOL Instant Messenger

I had just bought $10.80 worth of Magic: The Gathering cards at the local gaming store. I asked if I could use a card to pay for it. The clerk said that would be okay, but he would have to 'add me to the computer.'

"Will that put me on the mailing list?", I asked.

"Sure. Name?"

"David Johnson", I replied. He began typing.

"Address?"

I gave him my street, city, state and zip. He typed in each response, followed by a solid hit on the enter key.

"Phone Number?"

I gave him my phone number.

"And what card will you be using?"

I handed him my card. He looked it over.

"I can't swipe the card, but I'll enter the information manually."

This had happened to me before. The magnetic stripe wears out, no biggie. I told him to go for it.

"4432..."

I thought it was unfortunate that he was saying the card number out loud as he typed, because there were other people in the store. They seemed pretty involved in their games.

"Okay, have to put in the expiration date..."

Sure, sure.

"Would you mind reviewing the information that I have entered?"

He turned the monitor towards me. I expected to see a Point-Of-Sale screen. I expected to see a nice piece of software for managing the store.

Instead I saw the familiar window of an AOL Instant Message. My heart sank. Did he really just send my name, address, phone number, credit card and expiration date UNENCRYPTED through an INSTANT MESSAGE SESSION?

"Does it look right?"

"My information looks fine! I just can't..."

At that moment, a reply popped up on the next line...

"It's good."

"Oh, crap", I thought, "Not only did he just give up the credit card, he just announced that it was good."

"We don't have a credit card machine at this location, but we have one at the other so we just use that one," he explained.

"That is really not cool," I said. I know the guy at the other location is the owner and I would be seeing him in a couple days. I made a mental note to explain to him what a terrible practice it was to send credit card information unencrypted over the Internet.

"Do you want a receipt?", the clerk asked.

Thinking that this was not going to end here, I asked him to please give me a receipt.

"We also don't have receipt paper so I will have to write it out."

"Great." In my head, I was thinking of the 800 number to cancel my credit card. I would at least give a call to find out if the bank thought I should cancel it.

"Here you go. I didn't want anyone to be able to see your credit card number so I put XXX's for some of the numbers," the clerk explained.

At this point, my jaw is hanging thinking of what a pain in the butt it will be to cancel the card, and total disbelief that this is even happening.

The 'receipt' put it over the top. All I could do was laugh at this point. I left the store with this in hand:








When I called the bank, the guy on the phone was laughing hilariously.

"Yes, Mr. Johnson, I recommend you cancel this card. We'll send you a new one immediately. Try to be more careful."

It's been almost two years since this occurred. I scanned the receipt the next day. I have no remorse for the clerk or the store, which is why I waited to share.

Submitted by - David Johnson at http://www.davidj.org/stories/222/Credit_Card_Information_Sent_Over_AOL_Instant_Messenger.html
