My card number and expiry date printed on receipt

[Dav4]

Random question to ask but I have never noticed this before when using my card to pay for something. I Was in a crappy run down restaurant before and paid by debit card using contactless.
The guy came over with the card machine and asked for my card looked at it and said “oh is it contactless” asked me to check the amount on the machine then I scanned the card for payment. It then printed 1 receipt out which he handed over to me. It wasn’t until later I noticed the receipt was displaying my whole 16 digit card number and expiry date it also said merchant copy on the bottom. Now maybe I’ve just never noticed this before but doesn’t a receipt normally only display the last few digits of a card number? And don’t most print a customer and merchant copy out? Is this normal or does it sound dodgy?

 

[Dav4]

Customer copy only shows last 4 digits whereas merchant shows the whole thing. Generally the merchant copy is not supposed to be given to customers. When you use contact less there is no cardholder receipt as you have not authorised with your PIN but most retailers are relaxed about giving you the merchant copy.

Oh so it’s normal practice then for the merchant copy to show the 16 digits and expiry date? Normally in restaurants I use my pin as it’s always over £30 so maybe that’s why I’ve always got the customer copy that only displays the last 4 digits instead of the merchant copy. It’s just something I’ve never noticed before it just seems fairly unsafe showing all that information and I was slightly paranoid with it being a fairly run down restaurant in a dodgy area lol

 

[Dav4]

Yes it's supposed to show that.

Thanks for clearing that up I was worrying they had my full card details especially with him asking for my card first to look at and the receipt displaying my full card number. Just me being paranoid then lol.

 

[Dav4]

For PCI Compliance in the UK card numbers must be hidden (6 digits) on the receipts. I worked in installing tills and card machines 4/5 years ago. This may or may not have changed in the last 4 years. Any store that has card numbers on the receipts I wouldn't trust them at all!

It only takes them to photo your CSV on the back and that's it someone could take your money.

I’m worrying again now is there anything anyone would recommend doing should I contact the bank or change my card etc?

 

[Dav4]

Thanks Mrbell, I should remember myself really as I worked with EPOS for 15 years and actually put my old company through accreditation. I was fairly sure but thanks again for confirming it.
As for @Dav4 don't stress if it’s a standalone terminal it might be an out of date terminal. If you are really bothered go back in and see who provided the terminal. There is only a few providers Elavon, Worldpay, FIS are the ones I have worked with. Might even tell you on the receipt.....

The receipt has RMS retail merchant services on the top

 

[Dav4]

https://bestpaymentproviders.co.uk/rms-retail-merchant-services-after-its-acquisition-by-tcv/

So they are a legit company then?

 

[Dav4]

So to sum it all up because there’s conflicting replies it’s normal for a merchant copy to show all 16 digits and expiry date of a card and the customer copy only shows the last 4 digits but I didn’t get a customer copy because it was contactless I paid by?
It’s just the fact the restaurant was a dump and the guy asked for my card looked at it then handed it back just looked slightly odd in my opinion but if it’s normal for such details to show on business merchant receipts then I don’t need to worry about cancelling my card and getting a new one do I?

 

[Dav4]

A merchant copy can show it yes... so can any other receipt, but if a business wants to be PCI DSS Compliant. It's not against UK law to do so but (could come under data protection in UK law). For a business it would be wise to be PCI DSS compliant anyway.

If it makes you feel safe just order a new card and stop the other one then they wouldn't be able to take any money out at all.

You do realise contactless isn't secure at all? I actually can't even get over why cards are contactless these days for security. Boggles me.

Ok thanks for the info I appreciate it. I might just get a new card. Yes I have always been against contactless having seen several documentaries on how unsafe it is but when I got my new card I was told by the bank they now automatically just come with contactless so thought I would try it. Surely contactless is safer than putting your actual PIN number in with things like skimming etc in dodgy establishments especially with there only being a £30 limit?