4 posts • joined Friday 28th March 2008 08:02 GMT
Definitely an inside job.
I am currently contracted to do software development / testing for one of the largest convenience store chains in the world with 30,000+ stores worldwide. Every one of the servers runs the same card processing software and same credit card processor.
I estimate it would take about 6 hours to push out a small piece of software to EVERY store, capturing track 1/track 2 data as well as customer PIN information before it is encrypted. The customer card / PIN terminals send unencrypted information from the Point Of Sale (POS) terminal to the in-store server where it is then encrypted in a matter of milliseconds and sent over the network. It's very easy to capture the data before being encrypted, giving you full access to PIN and track1/track2 data. (With exception to transactions made at petrol pumping stations as they use hardware encryption before being sent to the server.)
We're talking at least 250,000 cards a day here with full track/PIN data. A $200 magnetic stripe reader/writer, some blank cards (usually about .50c apiece), and a few trips to the ATM ... Let's just say it would mean retirement before anyone figured out what was going on.
It, however, would not be possible to send that data to a source outside of the firewall as the routes to the card processing company, administrator access, and the frame relay network ISP are strictly controlled. This would have to be done internally through someone with access to the trusted network.
The most-likely suspect would be the person in charge of the firewall/routing as they would have access to every IP in the trusted network as well as the ability to route traffic outside the network. Or as in this case, an "unidentified offshore ISP".
It takes thousands of people and millions of dollars to design the system but only one determined person to take it all apart.
For all of the UK people that say America is full of idiots...
#1 There are stupid people everywhere.
#2 You voted for Tony Blair.
#3 You agreed to give up your guns. (See #1)
#4 Gun crimes in the UK have almost doubled since 1997, when the ban on firearms began.
#5 You are now oblivious to the loss of your own personal freedoms and have no way to defend yourself against the tyrannical government in the UK.
Yes, George Bush made this guy shoot his wife through the wall. Just turn your head towards America and ignore the sharp pain in your arse.