Re: Question
Any number of ways from physical access to a terminal, back office server, head office PC, [...]
Not sure why you got downvoted for this – accurate answer to the question.
A few more questions pop up in my mind, though:
- Are there any penalties (fines) for losing card data (other than the risk of getting sued for damages by the victims, which AFAIK rarely succeeds unless you have actually lost money and have proof)?
- Is there any progress (or even intention) to move towards chip-based cards in the US to limit at least card-copying attacks?
- Isn't encryption mandatory by PCI DSS? What are the consequences for them if they "forgot" to turn it on?