Viacom's Deal With Joost Really Just A... >>
<< Court Tells Disney It Can't Ignore Rights...
 tdicon 

Failures

by Joseph Weisenthal

Tue, Feb 20th 2007 9:12am





Attackers Tamper With Credit Card Scanners To Steal Personal Data

from the bait-and-switch dept

A recently announced vulnerability of Chip and PIN payment terminals in the UK was predicated on the idea that attackers could somehow remove the devices and then replace them with something identical looking that would swipe information off of shoppers' payment cards. There were a few aspects of the attack that seemed impractical, but perhaps the removal of the machine was not one of them. This week, in Boston, a supermarket chain announced that attackers had stolen data from many of the store's customers by removing and modifying a few credit card readers. How the attackers got the readers to transmit the data back to them is unclear, as the store is remaining tight-lipped on the technical details of the attack. Of course, it now says that it has locked down all of its readers so as to prevent this from happening again. That seems like an obviously good idea; why is it, though, that these measures like these are only taken after a breach?
7 Comments | Leave a Comment

If you liked this post, you may also be interested in...

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    IT, Feb 20th, 2007 @ 10:08am

    seriously

    Most security measures are only taken after a major theft, take Walmart for instance, where a series of robberies took place in Florida where two men dressed as store employees went through the unattended registers, emptying the larger denomination cash bills into bank bags, moving slowly, looking bored, using keys made for Walmart by NCR. This prompted WM to change the keys to the registers in many of their stores, so that few keys will work between different stores in the chin.

    reply to this | link to this | view in thread ]

  2. identicon
    Aliyah, Feb 20th, 2007 @ 10:22am

    No Organization is Perfect

    We never had tamper-proof packaging until some idiot decided to put cyanide into Tylenol caplets. I don't expect a store chain to be able to anticipate every possible security breach before it happens. They would spend too much time and money second-guessing the criminals. It's easier to fix the damage and make sure that it doesn't happen the next time.

    reply to this | link to this | view in thread ]

  3. identicon
    Anonymous Coward, Feb 20th, 2007 @ 10:32am

    Shaws or S&S

    reply to this | link to this | view in thread ]

  5. identicon
    Sanguine Dream, Feb 20th, 2007 @ 1:06pm

    I wanna know...


    How the attackers got the readers to transmit the data back to them is unclear, as the store is remaining tight-lipped on the technical details of the attack.


    How did the attacker get their hands on the machines to modify them?

    reply to this | link to this | view in thread ]

  6. identicon
    Sean, Feb 20th, 2007 @ 1:29pm

    How did they do it?

    Sounds like an inside job to me!

    reply to this | link to this | view in thread ]

  7. identicon
    Merchent, Jun 13th, 2007 @ 11:08am

    Security Measures...

    It seems they based their security on the good will and faith of people being honest. Locked down now, I thought most companies did that sort of thing off the top!

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Viacom's Deal With Joost Really Just A... >>
<< Court Tells Disney It Can't Ignore Rights...
 tdicon 
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories

Thursday

23:14 The Getty Museum's Lessons Learned From Opening Up Content (0)
16:22 Twitter Suspends Hundreds Of Thousands Of Terrorist Accounts, Gives Everyone Its 'Quality Filter' (8)
14:38 With Republicans Backing Away From TPP, Does It Still Have Any Chance? (17)
13:02 Techdirt Reading List: Wired Shut: Copyright And The Shape Of Digital Culture (0)
11:47 PayPal Stops A Payment Just Because The Payee's Memo Included The Word 'Cuba' (42)
10:47 Allegations Of Dysfunction Continue To Plague FirstNet, Our $47 Billion (And Growing) National Emergency Network (16)
10:42 Daily Deal: The Big Data Bundle (0)
09:36 DirecTV Faces RICO Class Action For Bungling Business Installs, Then Demanding $15,000 For Theft Of Service (17)
08:36 Remember Claims That Cord Cutting Was On The Ropes? It's Actually Worse Than Ever (32)
06:33 Think Tank Argues That Giving Up Privacy Is Good For The Poor (44)
More arrow
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.