After reading the last two paragraphs,
<facepalm>
Some 324 restaurants across the United States, including 216 Jimmy John's outlets, have had payment terminals compromised by malware after a breach at vendor Signature Systems. The massive breach occurred when an intruder stole remote log-in credentials for Signature's point of sale (PoS) kit, according to cyber-crime reporter …
The malware evaded anti-virus software and remained in Jimmy John's sandwich stores from June to 5 September this year.
Evading anti-virus software is like outwitting TSA officers, but staying in the sandwich store for 3 months like a slightly creepy diner guest in a David Lynch movie is pretty sly.
I can't remember the actual card itself but:
"(Insert name of card) says more about you than cash ever can"
It is those numerous 'little purchases' with cards that are forgotten immediately, the coffee, the small snack - that are great to target as the customer just wants to drink or eat.
Sometimes when you pay with cash you get an odd look from behind the till as if you're doing something wrong.
When the 'Bonk to Pay' terminals get pwnd then there's a lot of details to be had --- quickly and easily.
Best reason to go back to using cash & hope your bank's ATMs are safe..
CC/POS systems are discussed and targeted constantly - what I would like to know is what about those checks the older generations still use to frustrate everybody behind them in line? Scanned & transmitted, then handed back to the customer.
Since mail theft is a time-honored, old-school method of obtaining & washing checks for fun and profit - would this not also be a concern? Easier than washing and old tech enough to fly under the radar.
Somebody care to shoot my balloon down?
With good reason. Getting PoS systems to work, especially for credit card processing, is definitely a dark art. Back when I had to implement it for our group (back around the time PCI-DSS was just forming), we
- evaluated all the processing companies and chose two to work with.
- set up the appropriate bank accounts to handle our two processing licenses (one for online, one for at con)
- talked to the bank affiliated agent to make sure we had everything we needed
- purchased two components from one company,
- had our programmer write the hooks into our custom software
- tested everything, or thought we had.
Then we went with the live setup and ... Nothing. Spent the better part of the day on the phone with tech support to find out there was yet one more piece that needed to be implemented before it would all work. Normally took 2 weeks but they pulled strings and got it for us immediately so we could get it implemented for day 2 of our 3 day convention. The problem at the time was, nobody handled it from end to end, so nobody really knew everything that was required. I imagine that part isn't greatly changed even with PCI-DSS.