Following the news that the Wendy’s POS breach is larger than first reported, Péter Gyöngyösi, Blindspotter Product Manager at Balabit, commented on the news below.

Péter Gyöngyösi, Blindspotter Product Manager at Balabit:

“The slow but steady transition underway in the US that would eventually replace classic magstripe cards with chip-and-pin ones will certainly reduce the breadth of such attacks, as it will no longer be possible to just simply dump the information stored on these cards and clone them by the millions. But all is not fixed: chipped cards have been in use for a decade in Europe and credit card fraud is still happening, albeit in different ways and forms, and at a lower rate. It all boils down to the extreme difficulty of keeping things secure if a point-of-sale terminal or an ATM can be compromised. There are ways to do that – chip-and-pin is a solution designed to address this very issue but there are still a huge number of things that can go wrong.

There’s nothing much consumers can do apart from insisting on using the chip instead of just swiping the card, and avoiding using their card at shady locations. Merchants, however, can take some important steps to ensure that they and their customers won’t fall victim to such attacks. The first step is to realize that POS terminals are extremely attractive targets for attackers, and treat them accordingly. Ensure that the network connection is protected and firewalled from the rest of the infrastructure. Apply all firmware updates as soon as they become available. And just as they would keep a close eye on any access to critical infrastructure, it’s important to monitor and analyze all administrative traffic that goes to these terminals. There should be no updates that the merchant doesn’t know about, and any amounts of large or unusual traffic should raise an alarm.”

Information Security Buzz