Pizza stores popped, sandwich stores sacked in PoS plunder

Some 324 restaurants across the United States, including 216 Jimmy John's outlets, have had payment terminals compromised by malware after a breach at vendor Signature Systems. The massive breach occurred when an intruder stole remote log-in credentials for Signature's point of sale (PoS) kit, according to cyber-crime reporter …

  1. Mark 85

    After reading the last two paragraphs,

    <facepalm>

    1. wolfetone Silver badge

      Re: After reading the last two paragraphs,

      Fairly sure Jimmy John's announced earlier this year that they would revert back to using the carbon copy method of card payments. So you've every right to face palm that.

  2. Destroy All Monsters Silver badge
    Trollface

    That malware's got character.

    The malware evaded anti-virus software and remained in Jimmy John's sandwich stores from June to 5 September this year.

    Evading anti-virus software is like outwitting TSA officers, but staying in the sandwich store for 3 months like a slightly creepy diner guest in a David Lynch movie is pretty sly.

  3. Triggerfish

    PoS

    It's stopped meaning point of sale.

  4. Anonymous Coward

    Tip of the lettuce

    I saw some really dodgy things in a branch of a certain sandwich shop chain the other day. It got me thinking how many others might be so bad. I suspect the answer will be 'a lot'. I fully expect more of this sort of thing.

    1. ecofeco Silver badge

      Re: Tip of the lettuce

      "A lot" would be the correct conclusion.

  5. Anonymous Coward

    If companies aren't implementing PCI-DSS regulations as a basic standard before even handling payments they're leaving themselves open to issues. I can't think of one company I work with that I would consider compliant.

    Anon as there aren't many people with my name out there..

  6. Elmer Phud

    Old advert

    I can't remember the actual card itself but:

    "(Insert name of card) says more about you than cash ever can"

    It is those numerous 'little purchases' with cards that are forgotten immediately, the coffee, the small snack - that are great to target as the customer just wants to drink or eat.

    Sometimes when you pay with cash you get an odd look from behind the till as if you're doing something wrong.

    When the 'Bonk to Pay' terminals get pwnd then there's a lot of details to be had --- quickly and easily.

  7. 404

    <thinking>

    Best reason to go back to using cash & hope your bank's ATMs are safe..

    CC/POS systems are discussed and targeted constantly - what I would like to know is what about those checks the older generations still use to frustrate everybody behind them in line? Scanned & transmitted, then handed back to the customer.

    Since mail theft is a time-honored, old-school method of obtaining & washing checks for fun and profit - would this not also be a concern? Easier than washing and old tech enough to fly under the radar.

    Somebody care to shoot my balloon down?

  8. Swarthy
    Pirate

    Cause & effect?

    Fraud shop OVERSTOCKED with stolen credit cards

    Causation, or correlation?

  9. ecofeco Silver badge

    Here we go again

    Next week will bring yet another headline just like this one.

    And the week after, and the week after, and...

    1. Tom 13

      Re: Here we go again

      With good reason. Getting PoS systems to work, especially for credit card processing, is definitely a dark art. Back when I had to implement it for our group (back around the time PCI-DSS was just forming), we

      - evaluated all the processing companies and chose two to work with.

      - set up the appropriate bank accounts to handle our two processing licenses (one for online, one for at con)

      - talked to the bank-affiliated agent to make sure we had everything we needed

      - purchased two components from one company,

      - had our programmer write the hooks into our custom software

      - tested everything, or thought we had.

      Then we went with the live setup and ... Nothing. Spent the better part of the day on the phone with tech support to find out there was yet one more piece that needed to be implemented before it would all work. Normally took 2 weeks but they pulled strings and got it for us immediately so we could get it implemented for day 2 of our 3 day convention. The problem at the time was, nobody handled it from end to end, so nobody really knew everything that was required. I imagine that part isn't greatly changed even with PCI-DSS.
