 Venture Beat just published my review of the situation with payment card security, which basically answers the question: are we going to see more card data breaches? Supervalu and Albertsons are the latest retail chains to get hit by credit card breaches, but they won’t be the last. Here's why.
0 Comments
In addition to Alberson's stores breach, there are more Supervalu stores under different brand affected by the breach. The two breaches are connected as apparently the Albertson's stores use the same POS/payment software or/and payment gateway services provided by Supervalu: Some stores owned and operated by Albertson’s LLC and New Albertson’s, Inc. suffered a related criminal intrusion.SUPERVALU provides information technology services to these Albertson’s LLC and New Albertson’s, Inc. stores pursuant to transition services agreements, and we have been working together to respond to the intrusion into their stores.
I have written an article with the analysis of all recent breaches and prediction regarding further breaches. It will be published soon in one of the magazines or/and in my blog. Stay tuned. Just another grim story in the row of card data breaches... We will see more and more breaches like this until the industry realizes that the current payment card technologies - EMV is no exception - are insecure by design, it is nearly impossible to patch them, and they should be replaced by something else! This is visual representation of my Hacking Point of Sale talk at Tripwire booth at Black Hat USA 2014. Thanks Tripwire for this opportunity to present and sign the book!  I'll be doing two one-hour book signings at Black Hat USA 2014 and DEF CON 22 conferences in Las Vegas: Black Hat USA 2014: August 6, 2014, 5:30 pm Mandalay Bay Conference Center, Tripwire booth 141 (I'll be doing a short presentation before the book signing) DEF CON 22: August 8, 2014, 11:00 am Rio Hotel & Casino, No Starch Press community table in Vendor Area  Can someone shed light on this ghostly "payment card industry fraud investigative unit"? I stumbled upon this name in Brian Krebs blog's post about potential card data in Goodwill Industries. But googling this name did not return any distinct reference. Isn't such a unit, if it really exists, supposed to have some kind of communication portal for public relations, like IC3, for example?
Nothing changes as there is no need to change the mechanism that works. The same familiar scenario: An initial investigation revealed that someone, most likely outside the United States, remotely installed malware on the Big Rapids restaurant's server sometime during the past month. According to this study, more than 63% of businesses do not encrypt the account numbers of payment cards. Isn't it a true hacker heaven? During its 2014 study, PANscan scanned 145,144 gigs of data on 2,590 computers and found: |
  
Books
 Crypto Basics
 Bitcoin for Nonmathematicians: Exploring the Foundations of Crypto Payments
 Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions
Recent Posts
Categories
All
Archives
March 2025
|
RSS Feed
