This is why we can't have nice things. You can't trust major merchants like Target and Home Depot and Neiman Marcus to keep their systems secure. Mom & Pop companies can't afford a proper IT department, so they go to a POS vendor, only in this case POS doesn't mean point of sale.
In this particular case, to quote from Krebs's post, "NEXTEP Systems, a Troy, Mich.-based vendor of point-of-sale solutions for restaurants, corporate cafeterias, casinos, airports and other food service venues, was recently notified by law enforcement that some of its customer locations have been compromised in a potentially wide-ranging credit card breach, KrebsOnSecurity has learned.
The acknowledgement came in response to reports by sources in the financial industry who spotted a pattern of fraud on credit cards all recently used at one of NEXTEP’S biggest customers: Zoup, a chain of some 75 soup eateries spread across the northern half of the United States and Canada."
http://krebsonsecurity.com/2015/03/point-of-sale-vendor-nextep-probes-breach/
So we're screwed, but the truth is that we've been screwed for years. Use cash when you can; use a bona fide credit card when you can't, as you have better laws behind you for recovering stolen funds.
The saddest thing is that the one improvement that U.S. banking could make to really make life hard for these criminals is to implement Chip & PIN. Every card has a crypto chip, and you have to enter a PIN number. Two-factor security. If your card is stolen or forged and they don't know the PIN, they can't use it. So American banking is doing a half-assed implementation and putting in the crypto chip, but no PIN. Also no signature required. So no verification whatsoever. The reasoning is probably that they don't want to burden people with remembering a PIN, which we've been doing for 25 years anyway.
*sigh*