« The Deep | Main | One more time with comments »

May 05, 2007

Safer to shop on the net?

Here's an article from yesterday's Wall Street Journal online about lack of data security in brick-n-mortar stores. Some of this stuff is pretty hard to believe (the emphasis below is mine).

How Credit-Card Data Went Out Wireless Door
Biggest Known Theft Came from Retailer With Old, Weak Security
By JOSEPH PEREIRA
May 4, 2007; Page A1

The biggest known theft of credit-card numbers in history began two summers ago outside a Marshalls discount clothing store near St. Paul, Minn.

There, investigators now believe, hackers pointed a telescope-shaped antenna toward the store and used a laptop computer to decode data streaming through the air between hand-held price-checking devices, cash registers and the store's computers. That helped them hack into the central database of Marshalls' parent, TJX Cos. in Framingham, Mass., to repeatedly purloin information about customers.

The $17.4-billion retailer's wireless network had less security than many people have on their home networks, and for 18 months the company -- which also owns T.J. Maxx, Home Goods and A.J. Wright -- had no idea what was going on.

[...]

The company says the hackers may even have lifted bank-card information as customers making purchases waited for their transactions to be approved. TJX transmitted that data to banks "without encryption," it acknowledged in an SEC filing. That violates credit-card company guidelines, experts say.

Via WServerNews.

Posted by joke du jour at May 5, 2007 06:00 PM

« The Deep | Main | One more time with comments »

Trackback Pings

TrackBack URL for this entry:
http://crainium.net/ajw-mt/mt-tb.fcgi/1329

Comments

I'm surprised because I would have thought that the BANK chooses the connection parameters, not the retailer.

Posted by: pebecker [TypeKey Profile Page] at May 6, 2007 07:49 AM

Post a comment




Remember Me?

(you may use HTML tags for style)

Send this to a friend

E-mail this entry to:


Your e-mail address:


Message (optional):