Wireless Registers May Expose Your Credit Card
flynt writes: "Found this article about people sitting in Best Buy parking lots with wireless sniffers and intercepting credit card numbers that the wireless cash registers inside the store are beaming about. Gives more credence to the idea of one time use credit card numbers. Now you don't even have to be online to have your number stolen."
You are asking people to THINK. It just won't happen.
The whole concept of having a card with a number on which you can tell people down the phone, send down the internet, give to people in shops/restaurants is very very insecure, I've ordered stuff on my mum's card before, do they care that I'm not my mum, do they shit. If people have to resort to wireless scanners to get card numbers they are throwing way too much money at the exercise, you can get card details much easier from bins, old till rolls etc...
I have developed a foolproof method of fooling them though, don't have a credit card, ok so they won't actually give me one yet but hey...
Burt "Out of my mind back in 5 minutes"
This is an issue absorbed by the credit card company, so it doesn't affect the consumer in any other way than inconvenience.
Why on Earth would a store be "beaming credit card numbers about" with no thought to security? Seems they've opened themselves to a wave of court cases and possible fraud. Then again, every time you give your card to a waiter or till operator there's a chance the underpaid employee will be stealing the details via a personal "swiper". There was a programme on UK TV recently discussing this widespread fraud...
Code, Hardware, stuff like that.
I've always thought it to be inconvenient, but if this is true maybe more people will purposely disable their cards in such a fashion.
??? How would this be more secure? The same data will still be transmitted, it's just a different entry method!
Code, Hardware, stuff like that.
Lock down all ports on the server except SSH, and force the cash register client machines to tunnel through SSH for everything. I use it at home, work and university. It's better to be over security-conscious than being too relaxed about it.
However, that's just covering up the symptoms of a greater problem. It would be better if credit cards used a public/private key system, where the account number is sent to the central server which responds with a random encryption challenge, then a chip on the card encrypts the string using its key and replies. That way no useful security information is being passed around for others to intercept and use.
Follow me
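The challenge-response scheme proposed in the comment above, as an added example that is not part of the original thread or any poster's code. It assumes an Ed25519 signature as the chip's reply (the comment says "encrypts"), and all type, function and account names are hypothetical; it shows that a sniffed reply is rejected when replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Issuer is the central server. It stores public keys only (hypothetical names).
type Issuer struct {
	pubKeys map[string]ed25519.PublicKey // account -> card public key
	pending map[string][]byte            // account -> outstanding challenge
}
func NewIssuer() *Issuer { return &Issuer{map[string]ed25519.PublicKey{}, map[string][]byte{}} }

// Enroll registers the public half; the returned private key stays on the chip.
func (i *Issuer) Enroll(account string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	i.pubKeys[account] = pub
	return priv
}

// Challenge issues 32 fresh random bytes for one authorization attempt.
func (i *Issuer) Challenge(account string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	i.pending[account] = c
	return c
}

// Respond is the chip's answer: a signature over the challenge.
func Respond(chip ed25519.PrivateKey, ch []byte) []byte { return ed25519.Sign(chip, ch) }

// Verify consumes the pending challenge, so a sniffed response fails on replay.
func (i *Issuer) Verify(account string, resp []byte) bool {
	ch, pub := i.pending[account], i.pubKeys[account]
	delete(i.pending, account)
	return ch != nil && pub != nil && ed25519.Verify(pub, ch, resp)
}

func main() {
	bank := NewIssuer() // "acct-demo" below is a constructed account number
	resp := Respond(bank.Enroll("acct-demo"), bank.Challenge("acct-demo"))
	fmt.Println("fresh:", bank.Verify("acct-demo", resp), "replayed:", bank.Verify("acct-demo", resp))
}
```

Everything that crosses the wire here (account number, challenge, response) can be captured without giving the listener anything that answers the next challenge.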
Government inspection doesn't mitigate any responsibility that a food plant or an airline has. It merely provides the consumer with some assurances. And in most cases (not all) it works. Most of us buy food every week, and most of us don't die of food poisoning. Most planes take off and land safely. However, the food producer or the airline company is still responsible for the product.
As we rely more on system security in our daily business transactions, I think that rigid standards of system security should be created and enforced.
If we start holding irresponsible retailers, like Best Buy in this case, accountable for damages, you'll see consumers *and* retailers lobbying for such an effort.
Social security numbers used as identification, credit card numbers, and a whole host of other "real world" identifiers and systems are simply extremely sloppy security. In the past, that meant that only a few customers got screwed. With modern computer equipment, a lot of people get screwed.
What is particularly annoying about it is that the companies that put this sloppy security in place never really have given a damn about protecting their customers--as long as the casualties are not too many and don't frighten the masses away, it's acceptable. In most cases, companies that use sloppy identifiers or security end up not even being legally liable for the trouble and expenses they are causing their customers.
Someone down the line knows your credit card number. If you hand your card to the person at the register, then you are placing trust in them. If your information is stolen by a 3rd party, then it is because of the incompetence of whoever you placed your trust in.
According to the article, Best Buy has since stopped using wireless cash registers. Still, I think the problem is not with wireless itself, but the particular implementation Best Buy was using. Couldn't they simply encrypt the data?
Of course, credit cards are inherently problematic. Although I use credit cards, I think the system is poorly designed. Basically, you say to a guy, "here's a key to my safe, please only take what you need." IMO, it should be the reverse. We should *give* them the money, possibly by authorizing a transaction via your bank (a cell phone would be the best way, so you don't have to trust an in-store terminal). Thus, everyone would be able to give, but not take. As it stands, credit cards have the worst security of anything. It's ironic too, since a lot of us computer enthusiasts will rant all day about how everyone should be using ssh and GPG, yet we give our login and password to the waitress next time we eat.
Like you ever did need to be online to get your number stolen - easiest way to steal credit card numbers is to get a job in a retail outlet and record numbers of customers cards.
This is *the* classic error in security thinking - only consider the hardware, ignore the human factors.
With everyone paranoid about credit card theft using high tech means, people seem to forget that while most internet transactions are safe, what you really need to worry about are people who actually handle your card.
The cashier has access to your number. The accountant has access to your number. The manager of the store has access to your number. Some stores print the entire number on receipts so anybody willing to dumpster dive has access to your number. Waiters and waitresses who carry your card off to the register in a restaurant have access to your number...
And now people in the parking lot have access to your number.