Target Data Breach

We all vividly remember the massive retail hack of Target Stores last holiday shopping season, when millions of debit- and credit-card numbers were stolen from the company’s computer system. That meant millions of innocent consumers were forced to go to their nearest bank or credit-union branch and replace their cards with new ones.

But don’t think for a second that this was an anomaly. After all, when some academic security people can figure out how its done and take even that hack to a whole new level, maybe the idea of paying cash will look more attractive in the near future!

Recently at the cybersecurity conference called Black Hat 2014, there were three different sessions in the two-day event that focused on the lack of security in point-of-sale systems for retailers. Three sessions!

One of the most prominent demonstrations of a hack on a POS system involved a couple of rogue credit or debit cards. The demonstration showed how a malicious card would be swiped, injecting a Trojan horse into the POS system that will allow it to collect all of the card information on that system. A moment later, a second card swiped could not only collect all the information that was gathered, but it could also erase the Trojan off the system, so when a retailer reconciles at the end of the day there would be little or no evidence that the hack had even occurred.

Guess those pieces of paper with presidents’ heads on them sitting in your wallet suddenly look quite appealing, no?