P K
> ... and will offer one year's subscription to an identity repair service
That's just so Dickian, the future really is arriving fast.
Dairy Queen has admitted to being hacked, six weeks after reports first surfaced that the US fast-food chain's tills were compromised. "We discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely-reported Backoff malware that is targeting retailers across the …
Exactly. The entire identity theft industry is predicated on the stunning negligence in using someone else's numbering system as a financial identity. (It began as stunning ignorance, but morphed into stunning negligence as people became aware of all the places it is being misused.) In a sane world, the only thing a social security number thief should be able to do is collect your benefit and pay your taxes.
Not sure how you could avoid using a credit card number for financial purposes, though.
The social experiment of "good enough" technology running Windows or open source software is coming to a head with damn near every American impacted. From Neiman-Marcus to Nordstroms to K-Mart this covers about everyone. PF Changs to DQ. Organizations like Target chose "low cost" Dell servers running Windows in every store because of "cost". It was recently reported to have cost them over $250M while their business is down some 40%. When will these companies wake up and take (cyber) security seriously? If they did, they should start with AIX using PowerSC or Security & Compliance. I'm sitting at McCarran airport leaving the Enterprise (IBM Power & Z) conference where I just delivered several presentations (as a Business Partner) on PowerSC to customers. You have to protect the stack plus the perimeter. With built-in encrypted filesystems that use the encryption accelerations on Power servers, Trusted Execution, Security Expert plus PowerSC features like Real Time Compliance and the Trusted suite of Boot, Logging and Firewall. Time to get back to using secure technology for the right workloads.
Yeah, that's what we all need is more proprietary crap.
We used to run a retail system on AIX. We couldn't get rid of it fast enough. Anytime IBM is involved, you just add a few zeros to all of the prices.
Your idea of "IBM knows how to make it secure, just give us tons and tons of money, we'll fix it" doesn't work for most businesses.
It's not the "low cost Dell servers" that are the problem, it's all of the crap code running on them that was written by some third world, lowest bidder outsourcer that's the problem.
Running Windows on any POS system seems to be asking for trouble to me. When I ask vendors why they use Windows as an OS for point of sale, they tell me that all of their developers know how to code for Windows. My suggestion is always "get better developers, then".
"My suggestion is always "get better developers, then"."
The response is normally, "It costs more to get better developers than to pay off for the thefts."
Besides, no security system on Earth can do much against an insider, which I suspect is the culprit behind many of the hack jobs.
It has nothing to do with cheap tech, it has to do with cheap people.
Target had intrusion alarms logged before the hackers were in a position to steal info, but nobody was paid to look at them. The tech did its part, the people failed.
All those buzzwords don't mean a thing if the CTO doesn't give a crap about security.
The list of locations compromised, and the dates compromised, are larger than admitted.
On May 22 my daughter's card was used at Dairy Queen in Auburn, Indiana
On May 23 it was used at two online file sharing services to open accounts
The card was cancelled and a new card issued
On July 22 the new card was used at the same Dairy Queen
On July 23 the new card was used to open accounts at two online sharing sites
The brand new card had only been used at 2 other locations prior to being used at Dairy Queen.
I do this pretty often. Ok, I don't tend to buy ice cream very often but the same scale of transaction.
When travelling to forn parts it's usually cheaper to buy everything on plastic rather than cash as my card gets a better rate than over-the-counter foreign exchange, and I don't end up with a pile of small change that I can't use.
and begin to use cash again. Yeah, it's the end of Amazon, but what can we do? Hackers have proven they can penetrate any security - from the military, to banks, to businesses like Home Depot and Target, and now they have penetrated the security of Dairy Queer...er...Dairy Queen. (Sorry, but that's what I call it. I wouldn't eat there, period).
Yeah, it's a pain, but you need to get off your butt, and go to the bank to get real money. Cash cannot be hacked. Now I'm off to bang rocks together to create fire. Fire good - credit card bad.
But cash CAN be stolen...or counterfeited...
I'll never forget the time I got done over by counterfeiters, they took my wallet, made me sit there for 3 days while they traced the £20 note and made copies before giving it back to me and letting me go. Bloody counterfeiters.
" ... but the code didn't get hold of stuff like Social Security numbers, PINs or email addresses."
Why would anyone give this information to a high street retail outlet? After being 'hit' by spam e-mail and spam phone calls/txts some years ago, I now tell anyone who asks that I don't have a mobile phone and that I don't use e-mail. They seem surprised but they still sell me stuff.
Local DQ restaurants on the NW Oregon Coast are using paper script made by running an imprinter for each card purchase...something done 20 years ago everywhere...the script is harmless and no one was ever dumb enough to try to counterfeit it...
Q= if the imprinted info on the paper form is good enough to be converted back into restaurant account funds and credit / debit billing to an individual...WHY IS ALL THAT EXTRA DATA NEEDED FOR A SWIPED CARD TRANSACTION?? (please forgive my yelling, this has been driving me nuts ever since I found what was on the striping of my Costco Card= my entire financial history with them= WHY??).
IMHO= simple greed by everyone needs to go away... Here in the good old USA we are going to chipped cards next year to fix this, you and I both know that will not 'fix' this...RS.
Point of sale fraud is much lower in Europe since Chip&Pin was introduced over 10 years ago. Card authentication takes place on the card reader, and it simply reports back to the till that it was successful, or not successful, as the case may be. It hasn't completely eliminated fraud, but it has certainly improved the situation.
American businesses love to swipe credit cards directly into their POS systems for some stupid reason. My guess is that they harvest the credit card data so they can track individual customer purchasing habits.
In Canada at least, most businesses have separate bank-supplied chip-and-pin machines.
>Lowe's got hacked a few weeks ago. Could not understand why there may have been an issue with Canadian stores. Went shopping there on the weekend. Found that I needed to swipe and sign on my credit card transaction. No Chip & PIN in their Canadian locations! Left the goods at the cashier.
Time to start hanging the CEOs and CIOs up by their bits using piano wire. No trial. No mea culpa. Straight to the bar.