Following the News that GameStop are looking into a potentially serious credit card breach. GameStop has confirmed that it’s looking into a possible data breach that compromised credit card info between September 2016 and February 2017. Mike Ahmadi, Global Director – Critical Systems Security at Synopsys commented below.
Mike Ahmadi, Global Director – Critical Systems Security at Synopsys:
“This is yet another example of a basic misunderstanding of the scalability of an attack resulting from an inherent vulnerability. Payment systems that rely on the archaic use of numbers and passwords are prone to breeches of the systems and capture of the information needed to mount an easily scalable compromise, which could proliferate globally within minutes. The payment industry has taken steps to address this through the use of secure chip cards and readers, which are indeed very effective at preventing scalable attacks, since the system does not transmit unencrypted data, and the keys are securely stored in a physical environment. This can also be accomplished through the use of NFC enabled smart phones that use touch-enabled payment systems and what are known as secure elements, but in order to be effective such systems must be implemented with secure elements and digitally signed identities throughout the entire system, rather than using the hybrid system many are using today. Until this happens we can simply expect breeches to become more prolific and common, as hackers continue to exploit the seemingly endless vulnerabilities plaguing today’s systems.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.