Target Breach: 8 Facts On Memory-Scraping Malware

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

MarkSitkowski,
User Rank: Moderator
1/16/2014 | 6:28:29 PM

Target Breach

I posted this against another article, but I think it's important enough to repeat here.

Before the hackers damage another retailer, let me suggest a way of preventing this happening again. The benefit of this solution, originall designed for internet purchasing, is that it saves the credit card companies from having to invest in expensive EMV cards and, as a side benefit, a lost or stolen card will be useless to the thief. Also, very little modification needs to be made to the POS terminal. Further, the customer never sends his credit card details to the retailer, and the retailer's transaction records contain no usable information.
1. Remove all data from the credit card and its magnetic stripe, except for a simple User ID and, perhaps, the expiry date.
2. The credit card company installs a fraudproof authentication system, as described in www.designsim.com.au/What_is_SteelPlatez.ppsx, in its data centre.
3. The customer and retailer have accounts on the authentication system.
4. When the customer needs to make a purchase, he logs in to the authentication system belonging to the appropriate credit card company, giving his user ID and the amount of the purchase.
5. The retailer also logs in to the system, giving his merchant number, or User ID, and the customer's User ID (taken from the POS in use)
6. The credit card company knows the user's card number, so if he's been authenticated, it checks for a match with the retailer's submission.
7. If there's a match, it performs the usual checks for limits, expiry etc, issues an approval, pays the retailer etc.
Simple

Reply | Post Message | Messages List | Start a Board

50%

PaulS681,
User Rank: Apprentice
1/15/2014 | 7:30:13 PM

Re: Another reason...

Interesting concept. Paying with cash would make these POS machines obsolete however hackers would probably focus their efforts on financial institutions and hack you that way. I say that in jest as cards are not going away anytime soon but you make a good point.

Reply | Post Message | Messages List | Start a Board

50%

Mathew,
User Rank: Apprentice
1/15/2014 | 7:11:53 AM

Re: Another reason...

Indeed. The convenience factor of using a debit/credit card would also be offset by having to carefully review one's statement online every 24-48 hours for signs of abuse.

Reply | Post Message | Messages List | Start a Board

50%

Thomas Claburn,
User Rank: Ninja
1/14/2014 | 8:18:24 PM

Another reason...

...to pay with cash. I wonder what the relative risk of being robbed is compared to the risk of being hacked.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

Zero-Factor Authentication: Owning Our Data

Nick Selby, Chief Security Officer at Paxos Trust Company, 2/19/2020

44% of Security Threats Start in the Cloud

Kelly Sheridan, Staff Editor, Dark Reading, 2/19/2020

Ransomware Damage Hit $11.5B in 2019

Dark Reading Staff 2/20/2020

Live Events

Webinars

March 16-19, 2020: Data Center World Registration is open! Join Us

Data Center World: The leading conference & expo for Data Center and IT Infrastructure Professionals. Register Today!

Get Insights: Cisco vs Microsoft & More at EC20 Orlando

More Informa Tech Live Events

White Papers

Let's Talk: Why Language Matters in Cybersecurity

Protection Inside and Outside the Office: The New State of Cybersecurity

PWAs: Powering Next Gen Business on the Web

Serial Console Servers

5 Steps to Perimeter-Less Security: Adopting Zero-Trust to Secure Access

More White Papers

Video

All Videos

Cartoon

Latest Comment: I don't know anything about Information Security but I have to decide if you qualify for an interview with the Security team. I have a set ...

Cartoon Archive

Current Issue

6 Emerging Cyber Threats That Enterprises Face in 2020

This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing and Maintaining Secure Applications

The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.

Download Now!

How Enterprises are Attacking the Cybersecurity Problem

0 comments

How Data Breaches affect the Enterprise

0 comments

Rethinking Enterprise Data Defense

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-5243
PUBLISHED: 2020-02-21

uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent hea...

CVE-2019-14688
PUBLISHED: 2020-02-20

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial produc...

CVE-2019-19694
PUBLISHED: 2020-02-20

The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the ...

CVE-2020-5242
PUBLISHED: 2020-02-20

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file whic...

CVE-2020-8601
PUBLISHED: 2020-02-20

Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]