A leading provider of credit card technology for taxis is changing its security policies after it was disclosed that cabbies could easily gain access to customers’ credit card numbers online.

Verifone, a California-based payment technology company that operates in 28 countries, is one of three vendors the Taxi and Limousine Commission approved last May to install GPS-equipped touch-screen payment units in the city’s taxi fleet. The Verifone machines are in 45% of taxis equipped with the technology.

Drivers equipped with the Verifone technology who own and operate their own cabs have access to an itemized online log of their credit card transactions. Up until recently, those merchants had only to type in a user name and password on Verifone’s Taxitronic Web site and click through a list of truncated credit card numbers to receive the full, unencrypted numbers and expiration dates of customers’ cards.

Upon learning about the Verifone online system from The New York Sun, consumer advocates and security analysts expressed concern.

“If you have credit card data online that can be accessed at home through the Internet, you need more than just a password,” a fraud analyst at Gartner, Avivah Litan, said. “Anybody can steal a user name and password.”

After an inquiry from the Sun, Verifone changed its policy and removed the drivers’ access to those credit card numbers.

“A lot of these merchants were unfamiliar and uncomfortable with having this data,” a spokesman for Verifone, Joseph Ledford, said in a telephone interview. “We thought it to be wise to have the New York office assist them with this data, rather than have the numbers out and around.”

The company did not make its decision as a response to the Sun’s inquiry, the vice president of Verifone, Dave Faoro, said. “It was on the business side, not a security thing,” he said.

Owners of taxi fleets that lease out vehicles to subcontracted drivers will continue to have online access to unencrypted credit card data, but individual drivers will not, Mr. Faoro said. The numbers are made available in the event that a transaction dispute must be resolved with a credit card company.

The new distinction in access between merchant-drivers and fleet owners still has some in the taxi industry concerned about customer protection, and the liability of drivers and owners in the event of a security breach.

“I don’t know why fleet operators would be more trustworthy than an owner-driver,” the executive director of New York Taxi Workers Alliance, Bhairavi Desai, said. “So many fleets have so many employees that would still have access to information that should be secure.”