Reply to post: Re: > with no physical connection ... they won't be able to break in, and data can't get out.

Home Depot: 56 million bank cards pwned by malware in our tills

Anonymous Coward

Re: > with no physical connection ... they won't be able to break in, and data can't get out.

Don't agree.

If stores like Home Depot had anything approaching a clue, the segmented network approach you describe would have been implemented from day one.

POS terminals with hardened encrypted cable connections routed through secure, heavily isolated, regularly audited data centers and no local storage of CC numbers, PINs, IDs or anything else remotely compromising would also be a good start. But try to explain all that to Target shareholders and executives.

Unfortunately, the real world is full of businesses handling confidential financial information on unaudited hardware. Often that hardware is connected to wifi and/or open public networks where it will just be hacked over and over again. To make you feel better, some of these hacked businesses will buy you free identity theft insurance for a year after your bank account has been cleaned out and your credit rating ruined.

It's sad really.

After reading some of the comments here, I too wonder if jailing the clueless CEOs and IT staff that let it happen wouldn't improve things, but I don't actually think so.

Their very cluelessness makes them like a drunk who has been rolled: he shares partial responsibility for his situation, but in the end he was just overpowered by smarter, stronger people.

What might actually work though is this:

Make it illegal for any store to electronically process CC information unless it submits to regular security audits and is certified to use mandated best security practices and architecture.

Liability claims eventually made automobiles much safer, why can't we do the same with frickin' cash registers?

And if stores are still too clueless or poor to manage that, then they would need to pay someone to do it for them or else work with non-electronic means of payment only.

It sounds harsh, but by hitting everyone's bottom line (particularly the credit card companies) we might actually get some results.
