SoylentNews is people
SoylentNews
from the data-breaches,-faster-than-the-speed-of-business dept.
Ars Technica reports:
Dozens of UPS stores across 24 states, including California, Georgia, New York, and Nebraska, have been hit by malware designed to suck up credit card details. The UPS Store, Inc., is a subsidiary of UPS, but each store is independently owned and operated as a licensed franchisee.
In an announcement posted Wednesday to its website, UPS said that 51 locations, or around one percent of its 4,470 franchised stores across the country, were found to have been penetrated by a “broad-based malware intrusion.” The company recorded approximately 105,000 transactions at those locations, but does not know the precise number of cardholders affected.
UPS did not say precisely how such data was taken, but given the recent breaches at hundreds of supermarkets nationwide, point-of-sale hacks at Target, and other major retailers, such systems would be a likely attack vector. Earlier this month, a Wisconsin-based security firm also reported that 1.2 billion usernames and passwords had been captured by a Russian criminal group.
(Score: 4, Informative) by tibman on Thursday August 21 2014, @08:15PM
Typical chipped cards have a small processor of sorts. The authenticator sends a challenge to the card. The on-board processor creates a response and returns it to the validator. The transaction is authorized because the card proved that it is the original. Never did the secret code leave the card. A replay attack can't be used because the credit-card authority is the one generating challenges for each transaction.
You are right though that this does not solve the original problem. The card details were still copied. It would only prevent those details from being used in a fraudulent transaction.
SN won't survive on lurkers alone. Write comments.