POS Data Breach Teaches Valuable Lessons


By Abigail A. Lorden, Editor-in-Chief - 10/08/2012
As we get ready to put this issue of HT to bed, the tech blogs are lighting up with dialogue about the Romanians who in mid-September pleaded guilty to participating in a hacker ring that stole credit card data from hundreds of U.S. merchants, including Subway restaurants. From 2009 through 2011, the hackers stole data from more than 146,000 cards, amounting to $10 million-plus in losses.

The hackers gained access by first scanning the Internet to identify U.S.-based POS systems with certain remote desktop software installed, and then using the remote applications to log into the targeted POS, crack passwords, and snag credit card data via keystroke loggers or “sniffers.” Remote desktop software is often used by small businesses to enable tech support on their systems from off-site, and often third-party, providers.

Tech best practices tell us remote access is a vulnerable point of entry. We also know that passwords should be changed regularly and that default passwords should never be used. All too often, however, merchants’ systems are left exposed when these practices are not followed. PCI requirements are complex and U.S. payment technology is inherently vulnerable. Adding even more complexity, franchised environments are particularly susceptible when owners disregard corporate best practices.

This example reminds us not only to change our passwords, but also that due diligence is a necessary component of security. In a time when competitive advantage is built by compiling relevant consumer information, and many merchants are readily embracing the opportunity to leverage personal data — including but not limited to a consumer’s preferred method of payment — diligence is more important than ever.
