Almost up to one major hack a day
In less than a year we have now gone from 1 major hack a week to almost one per day.
Don't you just love progress? Yeah, me too. That reminds me, I need to update my A/V.
Clothing chain Eddie Bauer has admitted the payment terminals in more than 350 of its stores have been siphoning customers' bank card details to criminals. The retailer – which sells high-end clobber for hikers or anyone who wants to pretend they're outdoorsy – said malware infected its cash registers on January 2 and the code …
Yes, this! It's like they assess the cost of proper security and balance it against the likelihood of being hacked and the consequent costs. The problem is, they don't seem to understand the probabilities. It's "if", not "when". I suppose they might be gambling that not spending the money shows they are "prudent" so they can grab their bonus and bugger off before the inevitable hack occurs.
A browser extension like WOT pops up when going online to purchase something, warns you just how badly their payment security fucking sucks.
It'd be a good way of shaming them into doing more and embarrassing to be on the list.
When putting the order through on the phone say "I was going to buy online, but your on some blacklist"!
Maybe greylist?
The phone operators will love being able to report you saying that. It ensures their jobs. Much like the reversing ebb tide as local-lish-speaking phone service centers are picking up employees as customers ask for someone they can understand and be understood by.
Outsourcing: the kuru of the modern business world.
I'm only using cash or a check currently for brick and mortar shops for the last six months. I'm thinking that I'm heading to cash only. I was ignoring/boycotting places that got hacked like Michaels, Target, Home Depot, but I'm not sure there's anyplace left that hasn't been nailed.
> I'm only using cash or a check currently for brick and mortar
Good luck trying to get most shops here in the UK to accept a cheque - most places won't now. And paying for valuable things using cash is a non-starter (for several reasons - transfer of risk to the CC provider, carrying large amounts of cash is not clever and, again, a lot of shops won't take cash for large purchases).
"Anybody else bothered by the fact that it took them 6 whole months to come clean ?"
It didn't. It's taken them somewhere between one and two months to come clean, depending on exactly when the infection was found - which is what took them six months to do:
"malware infected its cash registers on January 2 and the code remained undetected for at least six months. The software nasty was cleaned up on July 17"
The problem will NEVER go away as the criminals can get smart enough to switch out stripe readers, Chip readers, and perhaps even invade the clearinghouses where the data has to necessarily exist outside the encryption envelope. It's basically becoming a DTA world where anyone can get you anywhere, anytime, and without possible recourse. Not even cash is safe as they're developing serial trackers for that.
Common theme with these press releases is towing of the "sophisticated attack" line. This is no exception.
Why is it never "our procedures were crap, we got owned by someone who just put some bits and pieces together that they bought off eBay and tried their chances"?
Tell me exactly why you think it was a sophisticated attack and I'll maybe, just maybe, let you use the word.
On a related note, I wish companies were obliged to give a precise account of technically, exactly why an issue occurred in the first place.
"...until organizations that accept credit card payments fully deploy end-to-end encryption to protect payment information as soon as it is captured into the system,"
But, but, that will leave the "free world" open to jihadists, communists and other undersirables. You just can't have any old Tom, Dick or Harry protecting their most sensitive data even if that means there will be more of this kind of data breach.
Get your priorities right.. State security first and sod everyone else.</sarcasm>
Bastards.
Simple way to stop the simple way to stop it: bribe or blackmail any legislators who dare to propose such a law. It's not like they're going to be affected. Let's face it. In our world, money talks, all else walks, and it costs less to pay out when the breaches occur than it does to take preventive action, especially since many markets are so tight that shopping becomes a Hobson's Choice: the only alternative is to go without.
Well, it's a bit like the Internet of Things. All the convenience comes at a cost. Will there be a day when we refuse to use non-open source gadgets (that are usually riddled with security fails - look at IP cams)? Yes, probably. Will thpere be a day when we refuse to buy from shops using easily cloned methods of payment? Yes, probably. The reason we use credit/debit cards is convenience. It's a lot easier to insert a piece of plastic into a machine than mess around with money. However the time we get hit with fraud, payments we didn't make, and the hassles of trying to convince the banks that such things were not our doing (with banks unwilling to accept that their system is not perfect), that's the point when all this ease and simplicity ceases to be. That's the point when good old fashioned cash starts to look more attractive. Cash can be faked too, but for the average person the effects have less impact.
" Cash can be faked too, but for the average person the effects have less impact."
Me: Hello MyBank.plc. I've just lost my credit card number xxxx xxxx xxxx xxxx
MyBank.plc: Oh sorry to hear that Sir. I've just cancelled the card and a new one is on the way.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Me: Hello MyBank.plc. I've just lost £500 in cash.
MyBank.plc: And.......?
I went in to an Eddie Bauer once in Toronto on holiday, I was killing time until the Baseball shop opened to get some tickets. Anyway, got chatting to a lovely girl there who asked me if I wanted to go for a drink. I politely declined as I didn't think my girlfriend - who was with me on the trip - would appreciate me going on a date with another woman.
But I think back on those times and I realise how lucky I am. Imagine if it was just a tactic to get me to buy something from the store? "You're awesome, let's go for a drink! I think this shirt would look amazing in the bar I want to take you to.."