AT&T Tech Support 360September 14, 2007 3:24 PM PDT
Security Bites Podcast: What's behind retail store data breaches
Listen Now
If TJX and Best Buy use the same transaction service, how come one, and not the other, is responsible for the largest data breach in U.S. history?
Listen to more episodes of this podcast at the Security Bites podcast archive.
Subscribe to this podcast
Subscribe to the podcast rss feed,
When you make a purchase at most any retail store, chances are you swipe your credit card through a device that hasn't been updated in 15 years. But that isn't the problem. The card you swipe, and the authentication from Visa, MasterCard and Discover--that's all good and secure. A criminal can break into a store and steal the credit card swipers and maybe get 100 to 200 active credit card accounts. But the serious criminals know to look upstream.
The larger problem involves large retail stores with thousands of chain stores around the country. They pool their credit card data into what are called branch servers, and thieves, gaining access to the corporate network, know to look for these branch servers. That's what happened at TJX and OfficeMax. They lost up to 45 million credit card numbers.
This week, CNET.com's Robert Vamosi interviews Neal Krawetz of Hacker Factor, better known for his digital forensics work. Krawetz has looked at the vulnerabilities inherent in large retail store point-of-sale systems. He first noticed the problems back in 1992, and over the years, after contacting Verifone, Visa and Fujitsu Transaction Solutions, and receiving no response, he reluctantly made public his findings in a public report (click for PDF).
Continue the discussion
