Content Provided By: Payex

“Wardriving”... are you in the driver’s seat of your business?

August 21st, 2008

Earlier this month, the Department of Justice announced that 11 people from the U.S., Estonia, Ukraine, Belarus, and China are being charged with hacking into retailers’ computers and stealing more than 41 million credit card numbers between 2003 and 2005. The hackers targeted retailers including TJX, Barnes & Noble, OfficeMax, Boston Market, BJ’s Wholesale Club, Sports Authority, and others. Three of the suspects have been apprehended and the others are still at large. The perpetrators allegedly drove around in their vehicles with laptops, looking for unsecured Wi-Fi network connections, a technique called “wardriving.” Once inside the networks, the perpetrators installed programs to capture credit card and debit card numbers and other sensitive data as it crossed the retailers’ electronic payment processing networks. Once the card information was obtained, the numbers were used to create counterfeit debit cards, which were used to withdraw tens of millions of dollars from ATMs.

This is just one example of the many ways hackers can penetrate computer systems. Hard-wired systems can be compromised via unsecured USB ports, or by guessing a username and a password. Modems can be eavesdropped on, revealing credit card information. For these reasons and others, Visa and the other credit card companies came up with the PCI DSS, a series of 12 tenets for retailers.

While the PCI security process can be a headache for software vendors and integrators, merchants would be wise to follow the PCI DSS as closely as they can, Chandler says. “If they actually follow the 12 tenets, if they do the self-assessment questionnaire, then they will cover their exposures,” he says. “If they would do it, they wouldn’t have these problems. They’re not doing it.”

Even if the merchant service provider installs a perfectly secure POS system, things like an unsecured Wi-Fi connection can end up costing the merchant. “Now all of a sudden the most secure POS system goes to crap because no matter how you cover those 12 points within that island, if that island is connected and the rest of the mainland is not secure, you’ve got a bridge and you’re in there and you’re dead meat.”

For more on the steps you should take to ensure you are PCI compliant, please read our previous post.

CLICK HERE to complete the PCI SSC New Self-Assessment Questionnaire and find out how to become PCI compliant.

Entry Filed under: Advice, News, Rules and Regulations
