NOW READ THIS
("Security Advisory")
| Go Back |
Submitted by: Bill Hickey
NCVA List Master
NRT-0228 Point-of-Sale Terminals emerge as Weak Link in Security Chain:
Point-of-Sale (POS) terminals pose more of a risk for data theft than shopping online, according to research by Gartner. Of 160 breaches investigated for one major credit card brand, 128 took place where the card was physically present for the transaction, rather than being used online or over the telephone. When a card is swiped, POS terminals often collect and store the data held in the magnetic stripe on the back of a credit card, said Gartner analyst Avivah Litan. In the hands of sophisticated hackers and counterfeiters, the data collected from the magnetic stripe is enough to create a replica card. Many retailers' networks use the internet to transmit data in place of dial-up networks, and many have incorporated wireless access points into their networks using WEP (Wired Equivalent Privacy), Litan said. Hackers lurk in parking lots looking for weak networks to penetrate. Since the POS terminals are linked via IP, once a hacker has accessed a network they can try out neighboring IP addresses until they locate a store of data, Litan said. Gartner predicts that by next year, most attacks against retailers will be directed at their POS terminals, and only 30% of POS software will be compliant with the prevailing security standards by 2009.
(www.computerworld.com 26JUN07)