Retailers shot up by PoS scraping brute force cannon The US Computer Emergency Response Team has warned of a new point of sale malware that is targeting retailers. The malware is a RAM-scraper of the kind made infamous by the Target breach that saw attackers plant wares on terminals to nab credit cards while they were temporarily unencrypted. This attack uses a new tool …
Over here most shops just have a payment terminal that is connected to the PoS via serial or network, and the software just tells the terminal what amount the customer has to pay.
No way for crooks to steal any data, the worst they could do is send it incorrect amounts. Money always goes from customer to shop bank account.
I was wondering that myself, why does the PoS computer even need to know the credit card number? Surely you just send the price to the card terminal, and receive back a message either telling you that the customer's card paid up, or that it didn't (or was cancelled, declined etc.)?
This way not only is your PoS terminal not at risk of CC numbers being leaked, but you don't have to worry about PCI compliance for your PoS software, which is a massive advantage.
@Gene Cash - well Checks (and Debit Cards) make it easier to empty your bank account directly. At least with a Credit Card you are shielded from anyone having a direct line to your money, and have some additional legal protections as well. Its fairly easy to empty your account once someone has your ABA and account number, and much harder to recover the money stolen. Checks in the modern electronic era are unsafe at any speed, and weren't that safe before - see Frank Abagnale's exploits in the 1960's
I suppose when increased insurance premiums, bank costs and loss of sales due to deteriorating customer good will exceed upgrade costs they will make the change.
Is management so short sighted they don't see that this is a "pay now or pay later" situation?
"Is management so short sighted..." In a word ? YES.
And not just in retail
I once worked for a [redacted] firm that made equipment affecting almost every [also redacted] in the US. It was cheap to make and profit came from volume, so when a higher level of compliance with [a formerly optional technical standard] became necessary, I was told to fix non-compliance *without changing the electronics*.
That decision resulted in losing about $100 every time a new cabinet went out the door.
"You tells 'em an' you tells 'em and they never lissens..."
Management are ALWAYS short sighted when they look only at this quarter's profit -- and their own division's budget.
It is not so much this quarters profit. More and more companies are using bonuses as compensation rather than pay raises. If a Manager has a better profit this quarter then he gets a better bonus this quarter.
I am sure someone will say what about keeping his job in the future? As the recent Dr. Dre and Microsoft layoff announcements show, saying you will have a job in the future is just like saying you are going to win the lottery in the future.
You need to make the money when you can.
@cortland
I've been finding that a risk averse corporate culture is starting to play into it as well. Sometimes its not strictly financial, its simply "perceived" risk. I've been in similar situations as yours. I suspect in a meeting, someone (pointy hair manager type) said it was less risky to keep the same electronics and have someone just "fix it" with software, not understanding the levels of complexity that are truly involved.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
