"US Secret Service had been in touch after initial waffle"
Can't expect them starting the day without some grub first...
Ice cream mogul Dairy Queen appears to have been breached with hackers likely stealing credit cards from some of its many US stores. The chilling news comes from sources within the US banking sector who separately told cyber-crime prober Brian Krebs that fraudulent transactions on credit cards appeared to have stemmed from a …
or is someone else asking: "Who on earth uses anything other than cash to buy low-cost items like icecreams?"
If someone was going to spend more than $50 at a place, fine, bring out the plastic, but otherwise it's needlessly overcomplicating a process.
Maybe I'm just old fashioned and distrust modern finance systems too much.
Have an up vote! My thinking exactly, credit cards at a Dairy Queen?? even if you are buying 50 bucks worth of ice cream, pay in cash!
I am seriously thinking of doing any payments in shops with cash ONLY! I think I'd rather be mugged for the €50 in my pocket rather than my plastic being sucked dry... there is an upside to paying cash, no NSA tracking of your cash flo...
I am seriously thinking of doing any payments in shops with cash ONLY!
Until very recently, I did not have a debit card. I have a prepaid one issued by the local post office which I've now used exactly 3 times, for purchasing items from online stores (two here in Australia, one in the UK). I reload it by taking cash to the post office and presenting the card to be reloaded. The only way I get cash out, is to go visit my bank branch and present my passbook.
The card gets used when no other payment options exist: my preference is to do cash, BPay direct deposit, or use this debit card; in that order.
You still carry cash? How quaint...
Seriously, though, credit/debit cards are incredibly convenient, whereas cash is messy and easily lost. Contactless payment schemes may be riddled with security holes, but the simplicity at POS is undeniable, and attractive to both consumers and retailers.
Yeah, it may be "quaint", but at least if I lose twenty bucks out of my wallet, all I've lost is twenty bucks.
...and there's no goddamn' way in hell you can tell me that cash is anywhere near as messy as what I'd have to deal with if some Russian mafiosi got hold of my credit card info or my banking site logins and sucked my accounts dry.
It did occur to me that what I wrote does sound a little like I'm shilling for the banking industry. I'm not though* - I don't even have a contactless payment card, I just like the idea of them, as I've very much gotten out of the habit of keeping cash about my person (I'd quite happily carry a chequebook, if cheques were still a viable payment method, in preference to cash).
With regards to the havoc that could be wrought by the "Russian mafiosi," that's the reason that I prefer to use my credit, rather than my debit card (particularly online) - as pointed out above, stolen debit card details give them access to all my money, stolen credit card details give them access to someone else's money (I've had my credit card details stolen a couple of times, and never been out of pocket as a consequence, and have enjoyed the protection that using my credit card gave me when a hotel billed me for a room I hadn't used).
An added plus of using my AMEX card is that they automatically double the manufacturers warranty on almost everything you buy (with some limits). It's saved me a bundle a few times.
Also, I have a cash back card, so at the end of the year, I get almost a grand back in cash. That's money I wouldn't have if I used cash everywhere! I pay off the card every month, so I don't pay anything to use it.
Plus in the US, credit cards typically come with theft insurance standard (Visa frequently advertises this aspect on TV). If a card is ID'd to have been stolen, the issuer can usually flag any suspicious transactions, ring you up, send a new card, and you're not on the hook for the oddball. This is especially true for cheap transactions, where it's just cheaper for the credit card company to eat the occasional small costs rather than waste money in legal battles.
"credit cards typically come with theft insurance standard"
That's exactly why I always use my credit card in preference to my debit card (but I'd use cash for small-value payments)
If someone snags my debit card, they have direct access to my money in my bank account - if they get my credit card then they have access to money that technically belongs to someone else.
(Dear Old Mum always uses her debit card because she "doesn't like spending other people's money" then got stung when she paid a lot of money to a company which went bankrupt between payment and delivery, leaving her out of pocket, and little comeback. If she'd used credit card, then the credit card company will take the hit)
Think DQ ice cream "cake" or drinks for a little league team - clearly enough to warrant use of a credit card in my book. And some people use credit or debit cards for nearly all purchases for the expense record they give.
I moved in May 2013, taking about $200 cash for cross country driving miscellaneous expenses. That lasted me until another cross country visit back to the old neighborhood in July 2014.
Having just about found enough dosh to set up the business and being understaffed usually results in several 'short-cuts' in running the business.
Far too many 'managers' of franchises shouldn't be put in charge of a tea cup ride at the fair - all they know comes from a 'business studies' course that convinced them they could take over the world.
"Dean Peters has since said it was difficult to determine if breaches occurred at any of the franchised stores which were independent and not required to report security lapses"
Sounds like they need to rewrite their franchise agreements (or just read them?). I would have thought any half competent lawyer would have put clauses in requiring the reporting of any events or actions that are likely to be potentially compromising to the licensed brand if reported on.
From the us-cert.gov posting it is obvious that the vulnerable POSs all run some variant of Windows. However, that probably is merely a reflection of the target environment, and the root fault appears (from the article) to be deployment failures : remote access (strike 1), weak credentials (strike 2), and credential reuse (strike 3).
Someone (individuals in the case of debit cards and largely banks in the case of credit cards) is eating the cost of these depressingly repetitive events and the civil courts would seem a reasonable agent for reassigning them to the responsible parties.
It all boils down to training the users. Since this takes time, many IT departments don't want to do it, so I don't blame the end-user, meaning the store clerk for this mess. The blame should go back to the IT department for not enforcing secure logins and passwords on the systems. If the IT group allows passwords such as Password1234, or 12345678, especially from remote logins, well shame on them and the company!
In a prior IT position, I was the admin for all of the point of sale for several large hotel/casino properties. We're talking about hundreds of POS terminals.
The vendor was a major US POS vendor (I won't name names), and the built in non changeable admin username AND password was the company's name! We kept demanding that it be changed, but were told "it's in the code, we can't".
There is even a way by touching certain corners of the touchscreens in a certain order, you get to a screen with all kinds of admin functions, including a command prompt window.
Anyone that's been through their training classes, knows all of this.
Biting the hand that feeds IT © 1998–2021