Home Depot Card Breach

[Alpha8472]

The malicious software used to steal 56 million customer credit and debit card numbers at The Home Depot was installed on the self checkout machines. The self checkout machines seem to be where many credit card breaches happen. Often, the self checkout units are unattended or the attendant is distracted by other customers who need assistance. It only takes a short period of time for a skilled criminal to tamper with the self checkout machine.

The vulnerable parts are the credit card reader or a usb slot. Once software is installed, the machine can operate normally and not give any sign of being tampered with.

When will these retail chains realize that these self checkout machines are a security breach waiting to happen? These companies are so desperate to save money by replacing employees with machines that they don't realize that the amount of money that they will lose when customers stop shopping at their stores due to a credit card breach.

Now, no one will want to use the self checkout at The Home Depot. I will not be patronizing The Home Depot unless I am totally desperate. I certainly will not use a credit or debit card. If I am paying cash, I doubt I will buy anything expensive. Who carries that much cash with them these days? The Home Depot will lose out on tons of sales, because customers will use cash and spend less.

What about Apple Pay or those pay with your cell phone devices at the cash register? I think we will see a huge lack of confidence in this technology and similar technologies for years to come.

[storewanderer]

They are still fighting over "Chip and Signature" or "Chip and PIN." I cannot for the life of me understand why it is even up for discussion. Visa and MasterCard for some reason are against the PIN.

I would think anyone who has a credit card knows all about a PIN due to having experience with an ATM Card or Debit Card.

It seems many retailers working with cards are saying they will offer Chip and PIN versions.

The whole thing seems poorly organized and poorly coordinated. And will there be more data breaches?

[Alpha8472]

It is only a question of when, not if another breach will happen. IKEA got rid of self checkout machines, most likely not because they just felt like it, but because these self checkout machines was where another chain was hacked. Self checkout machines of this kind are vulnerable to hacking and the credit card readers are able to be easily hacked as well. It was either get rid of those self checkout machines or face billions in losses like Target, when thieves steal your customers' credit card numbers.

I was at another big retail chain making a purchase several months ago. A technician from NCR was talking to employees saying the credit card readers must be bolted down. Why? They were brand new style readers, but if a criminal replaces it with a tampered unit, the credit card numbers can be stolen! Those new credit card readers are not totally safe and secure.

The self checkout units with the vulnerability are the same ones found at Safeway, Vons, Albertsons, and many other chains. The credit card readers that I saw being bolted down were the same ones used at CVS, Safeway, McDonald's, Walmart, etc. The credit card readers to watch out for are the Verifone readers. These cheap things are just waiting for a hacker to come and hack it.

Chip and PIN is more secure, but banks don't want to use PINs for credit cards in the US. Those banks think that if a person has to remember a PIN, that customers will use their cards less. Banks are so greedy because every single swipe puts money in their pockets. Retail stores are charged a credit card fee for every swipe and banks want as many swipes as possible. If a customer forgets their PIN, that is one swipe that the bank cannot get any profit off of.