{"id":6341,"date":"2014-09-02T12:30:11","date_gmt":"2014-09-02T16:30:11","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=6341"},"modified":"2014-09-02T12:30:11","modified_gmt":"2014-09-02T16:30:11","slug":"why-hackers-may-be-stealing-your-credit-card-numbers-for-years","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/09\/02\/why-hackers-may-be-stealing-your-credit-card-numbers-for-years\/","title":{"rendered":"Why hackers may be stealing your credit card numbers for years"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2600920\/why-hackers-may-be-stealing-your-credit-card-numbers-for-years.html\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/09\/credit_cards_generic-100220719-large.jpg\" alt=\"\" \/><\/a><\/p>\n<p>While conducting a penetration test of a major Canadian retailer, Rob VandenBrink bought something from the store. He later found his own credit card number buried in its systems, a major worry.<\/p>\n<p>The retailer, which has hundreds of stores across Canada, otherwise had rock-solid security and was compliant with the security guidelines known as the Payment Card Industry\u2019s Data Security Standards (PCI-DSS), said VandenBrink, a consultant with the IT services company Metafore.<\/p>\n<p>But a simple configuration error allowed him to gain remote access. From there, he found the retailer was vulnerable to the same problem that burned Target, Neiman Marcus, Michaels, UPS Store and others: card data stored in memory that is vulnerable to harvesting by malicious software.<\/p>\n<p>The problem is growing worse. The U.S. Department of Homeland Security and Secret Service warned last month that upwards of 1,000 businesses may be infected by malware on their electronic cash registers, known in the industry as point-of-sale devices.<\/p>\n<p>So why are the data thieves winning? Security analysts say point-of-sale malware is neither new nor particularly sophisticated. Programs such as Backoff, BlackPOS and JackPOS hunt down clear-text payment card details jammed in a jumble of data in a computer\u2019s memory, a process known as \u201cRAM scraping.\u201d<\/p>\n<p>Merchants who handle card data are required to be PCI-DSS compliant or face liability if cardholder data leaks. But the latest security specification, PCI-DSS version 3.0, doesn\u2019t mandate that merchants use technologies that encrypt card data from the moment a person\u2019s card is swiped, referred to as point-to-point encryption.<\/p>\n<p>Using that kind of technology would eliminate the in-memory malware problem, security experts say.<\/p>\n<p>The PCI Security Standards Council, which develops PCI-DSS, did recommend last Wednesday that merchants switch to using that kind of encryption technology.<\/p>\n<p>But retailers often have long technology refresh cycles, so it could be five to seven years before most move to it. Fraud is expected to migrate from big retailers that resolve the weaknesses to smaller ones who have not, said Avivah Litan, a Gartner analyst who consults with banks and card companies.<\/p>\n<p>\u201cIn general, I think we are stuck with these point of sale breaches for many years,\u201d Litan said.<\/p>\n<p>Full Story: <a href=\"http:\/\/www.pcworld.com\/article\/2600920\/why-hackers-may-be-stealing-your-credit-card-numbers-for-years.html\" target=\"_blank\">Why hackers may be stealing your credit card numbers for years | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While conducting a penetration test of a major Canadian retailer, Rob VandenBrink bought something from the store. He later found [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,9,10],"tags":[238,453],"class_list":["post-6341","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-technology","tag-credit-card","tag-hackers"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1Eh","jetpack-related-posts":[{"id":9405,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/10\/07\/odorless-and-weightless-hackers-this-week-in-tech-687\/","url_meta":{"origin":6341,"position":0},"title":"Odorless and Weightless Hackers &#8211; This Week in Tech 687","author":"NCCT","date":"October 7, 2018","format":false,"excerpt":"https:\/\/youtu.be\/lb4rnqfNdas Chinese Spy Chips, Microsoft Highs and Lows, Pixel 3 Event Predictions, and More! Bloomberg reports that China used tiny chips to spy on Apple, Amazon, and the US government. Apple and Amazon deny it. How do we know who is right? All the news from the Microsoft Surface event,\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/lb4rnqfNdas\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9522,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/02\/24\/will-it-bend-this-week-in-tech-707\/","url_meta":{"origin":6341,"position":1},"title":"Will It Bend? &#8211; This Week in Tech 707","author":"NCCT","date":"February 24, 2019","format":false,"excerpt":"https:\/\/youtu.be\/qC0DabXmX8Q Folding phones at MWC, Hololens 2, conspiracies on YouTube, and more. -- Foldable Phones Hit MWC 2019 -- Microsoft Announces Hololens 2 -- Netflix at the Oscars -- Apple and Goldman Sachs Release Credit Card Linked to iPhone -- Apple to Combine iPhone, iPad and Mac Apps -- YouTube:\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/qC0DabXmX8Q\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9364,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/06\/03\/this-week-in-tech-669-15-minutes-of-fun\/","url_meta":{"origin":6341,"position":2},"title":"This Week in Tech 669: 15 Minutes of Fun","author":"NCCT","date":"June 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/KQc0YlNQNfY --Apple's WWDC this week looks like it may be a disappointment for anyone hoping for new hardware. --Facebook is killing its \"Trending Topics\" section. --Teens prefer Instagram and Snapchat to Facebook; close to half are \"almost constantly\" online. --The Atari VCS is coming soon for expensive retro gaming. --Scooters\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/KQc0YlNQNfY\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9330,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/03\/security-now-657-protonmail\/","url_meta":{"origin":6341,"position":3},"title":"Security Now 657: ProtonMail","author":"NCCT","date":"April 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/OeSZg-ph3Ns This week we discuss \"DrupalGeddon2\", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an ill-fated-seeming new eMail initiative, Free electricity, a policy change at\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/OeSZg-ph3Ns\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9936,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/nvidia-is-at-it-again-more-crumbs-for-gamers\/","url_meta":{"origin":6341,"position":4},"title":"NVIDIA is at it again&#8230; More &#8220;crumbs&#8221; for gamers&#8230;","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/cBeQWEtBB0k 5060 and 5060Ti Rumors seem to be very plausible... and if these rumors are true then you should avoid them at all costs...","rel":"","context":"In &quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/cBeQWEtBB0k\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9387,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/07\/29\/this-week-in-tech-677-to-serve-cat\/","url_meta":{"origin":6341,"position":5},"title":"This Week in Tech 677: To Serve Cat","author":"NCCT","date":"July 29, 2018","format":false,"excerpt":"https:\/\/youtu.be\/9koTMZi05pk This Week in Tech Facebook's stock crash, Tesla surfboards, Russia hacks utilities, and more. -- Jason Calacanis tells us what's going on with his buddy Elon Musk. -- Apple fixes the MacBook Pro's throttling issue. -- Facebook and Twitter stock takes a dive over poor growth numbers, but Google\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/9koTMZi05pk\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=6341"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6341\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=6341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=6341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=6341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}