A Burger, an Order of Fries, and Your Credit Card Number


Why it’s so easy for hackers to steal financial information from restaurants.

Is your credit card number at risk when you go to a restaurant?
Photo by Pascal Le Segretain/Getty Images.

At some point in your restaurant-going life, you’ve probably felt a pang of doubt when you handed over your Visa card. How easy it would be, you probably thought, for a waiter to copy your credit card number and head out on a shopping spree. You probably got over it, reasoning that people who do such things probably get caught. And maybe you’re right. But that doesn’t mean you’re safe. The real threat isn’t that your charming waiter will steal your financial information. It’s that the Russian mafia will steal it from your waiter.







On Thursday, Verizon released its Data Breach Investigations Report, an annual landmark in the data-security industry. The big story this year, Verizon reports, was the rise of “hacktivists”—vigilantes who orchestrate high-profile cyber-attacks on big corporations, government entities, and even Internet security companies, usually to make a political statement (although sometimes, it seems, out of sheer vindictiveness). These are the attacks that make headlines, and for good reason: They’re sophisticated, brazen, and sometimes downright scary.

But if 2011 was “the year of the hacktivist,” as Forbes proclaimed, every year is the year of the run-of-the-mill cybercriminal. For at least a decade, organized crime groups around the world, but particularly in Eastern Europe, have been honing their hacking skills in a bid to capture our credit card and bank account numbers. Increasingly, they’re targeting restaurant franchises and other small businesses by hacking their point-of-sale checkout systems, which are often woefully insecure. And, as the Verizon report shows, they’re getting better at it all the time.

Unlike hacktivists’ flashy attacks, these criminals’ exploits rarely make the news. Publicity is not in their interest, and it can take months for their victims to find out they’ve been hit. When businesses do learn they’ve been compromised, they often conclude that publicizing the crimes wouldn’t be in their interest either. For these reasons, attacks on retail establishments fly under the radar, though they vastly outnumber those orchestrated by well-known groups like Anonymous and LulzSec, which accounted for just 3 percent of the 855 data-breach cases covered in the Verizon report.

Restaurants were easily the most-targeted businesses, accounting for over half of all reported attacks. Retail stores were second, at about 20 percent. The findings are consistent with those of a similar report released earlier this year by Trustwave, an information security company, which found that the food and beverage, retail, and hospitality industries combine to account for 80 percent of data breaches.

Why are small businesses such frequent targets? Because they offer hackers the easiest path to your financial information. In fact, security consultants say, there’s an entire underground industry built around extracting customers’ credit card numbers from retailers’ point-of-sale systems.

Rich Mogull, an information security analyst who runs a company called Securosis, explains that a typical cybercrime works something like this. First, a hacker—often in Russia, but sometimes in the United States, Romania, Vietnam, or elsewhere—uses special software to scan a portion of the Internet for IP addresses that look like they might belong to the servers restaurants and retailers use to transmit credit and debit card data. When they find them, they send that information to another program that starts trying common passwords to log into the server remotely.

Many of the companies that install point-of-sale systems for small businesses neglect to set up unique passwords. When hackers find one that works at a particular franchise of a chain restaurant, they add it to the list, and often find it works at dozens or hundreds of others as well. In one of the few cases that registered on the national news radar, a Romanian gang allegedly poached credit card information from 200 Subway sandwich outlets in the United States over three years.
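
The password reuse described above is something an installer or franchise operator can check for directly. As an added example (not from the article or the Verizon report), this Python audit groups a constructed credential inventory by keyed password fingerprint and flags passwords shared across sites or found on a common-password list; the inventory layout, site names, passwords and list are all assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample inventory: (site, host, remote-access account, password).
# Every name and password here is made up for this example.
INVENTORY = [
    ("store-001", "pos-srv", "admin", "pos12345"),
    ("store-002", "pos-srv", "admin", "pos12345"),
    ("store-003", "pos-srv", "admin", "pos12345"),
    ("store-004", "pos-srv", "support", "T7#qvL2m!x9Rk"),
    ("store-005", "pos-srv", "admin", "password"),
    ("store-006", "pos-srv", "support", "g4&ZpW81uq$Ne"),
]

# Constructed stand-in for a list of commonly guessed passwords.
COMMON = {"password", "admin", "123456", "pos12345"}


def fingerprint(key: bytes, password: str) -> str:
    """Keyed digest: equal passwords group together without being stored."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()[:12]


def audit(inventory, common, key=None):
    """Return findings for passwords shared across sites or on the common list."""
    key = key or secrets.token_bytes(32)  # per-run key, so fingerprints are throwaway
    common_fps = {fingerprint(key, p) for p in common}
    sites_by_fp = defaultdict(set)
    for site, _host, _account, password in inventory:
        sites_by_fp[fingerprint(key, password)].add(site)

    findings = []
    for fp, sites in sorted(sites_by_fp.items(), key=lambda kv: sorted(kv[1])):
        issues = []
        if len(sites) > 1:
            issues.append("shared")   # one guess would open several locations
        if fp in common_fps:
            issues.append("common")   # likely to fall to a password-guessing tool
        if issues:
            findings.append({"sites": sorted(sites), "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY, COMMON):
        print(", ".join(finding["sites"]), "->", "+".join(finding["issues"]))
```

The report lists affected sites only, never the passwords, so it can be handed to whoever rotates the credentials.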

Once they tap into the servers, hackers often install programs to log credit card numbers. After they get the numbers, the shrewder criminals don’t use them right away. Instead, they bundle and sell them on the black market. Verified numbers fetch more than unverified ones; those with names attached fetch more still.

Customers don’t learn their information has been compromised until weeks or months later, when their banks flag purchases as suspicious. Even then the banks can’t always tell where the breach originated. And when restaurant owners do find out they’ve been hacked, some, like Harry Trubounis of SideBar 410 in Dayton, Ohio, are scrupulous enough to email their regular customers and notify them. Those are the ones that occasionally end up in the local newspaper. “I wanted to be extremely proactive in dealing with it,” Trubounis told me. But not all restaurant owners want to risk the bad publicity, even if the breach wasn’t really their fault.

Not all cybercrimes happen exactly like this. Sometimes hackers use proximity or special knowledge to target an individual business. For instance, they’ll sit down in a café, order a latte, and proceed to log into the coffee shop’s unsecured point-of-sale system through its free Wi-Fi network. Or, in somewhat rarer cases, they enlist an employee to help them. Verizon estimates 4 percent of all data breaches are inside jobs. And yes, your smiling waiter will occasionally betray you by taking down your information when you’re not looking. These days they use skimmers. But it’s hard to do that for long without getting caught, especially if you’re using the cards to make purchases locally—as a ring of thieving waiters at fancy New York restaurants recently discovered.

But more often, it’s not your waiter who’s ripping you off. It’s a junkie in Maryland allegedly hacking Seattle restaurants’ servers to score heroin money, Russian thieves hacking restaurant wholesalers, or unknown miscreants hacking Jumper’s Junction sports bar outside of Pittsburgh or a Chili’s on Yokosuka Naval Base in Japan.

Security analysts say restaurant owners and the companies that install their point-of-sale systems are becoming more aware of the danger of credit card thieves. Scott DeFife, an executive vice president at the National Restaurant Association, told me his Washington, D.C.-based group makes an effort to educate its members about the risks of cybercrime. And compared with the size of the U.S. restaurant industry, which employs 13 million people, the scale of the problem is relatively small: probably hundreds of breaches each year, affecting perhaps hundreds of thousands of customers.

Yet the Verizon report suggests business owners could still be doing a lot more: 96 percent of all data-breach hacks were “not highly difficult”—up from 92 percent last year. The number was enough to spur Verizon to take an unusual step this year. On Page 62 of its report, it includes a cut-out section with simple tips for securing point-of-sale systems and encourages customers to hand it to the managers and owners of their favorite local haunts. At the bottom it says, “For more information, visit www.verizon.com/enterprise/databreach (but not from your POS).”
