Kmart Data Breach

Post by Alpha8472 »

Yes, just as predicted. Sears admits to a data breach at Kmart. These types of breaches will continue since retail chains are not taking enough steps to protect customers. Hackers are coming up with new ways to infiltrate store systems, and retail chains are too lazy to change their ways.

Sears believes that hackers were able to get some credit and debit card numbers, but that PINs and other personal information were not stolen. The breach occurred in September and Sears is just now informing customers.

https://uk.news.yahoo.com/sears-holding ... ml#RHhzhOT

Post by Super S »

Not surprised, especially after my observations with the Sears stores that are using iPads to ring up purchases (which I mentioned in another thread). I am very leery of any chain using wireless POS devices at this point. When there seems to be a data breach affecting a large retailer every week it seems, there is a huge problem that needs to be addressed. This is the reason I was so reluctant to get a debit card; the only reason I did was because several stores I visit regularly no longer accept checks due to excessive check fraud.

Post by submariner »

As someone who works in network security, I'd say the iPads and other wireless POS methods themselves are not typically the issue. The malware is usually tied to conventional POS systems running Windows or the server backends handling the actual data.

The problem also comes when companies refuse to invest in proper technologies to detect or prevent these problems (Home Depot was using antivirus software that stopped getting updates two years ago). The other problem is management that would rather lie on PCI (Payment Card Infrastructure) assessments in order to 'pass' their annual audits. That's honestly the bigger problem at hand here.

A struggling retailer would rather fudge numbers and continue taking credit card payments than risk losing the ability to take credit cards because they don't want to spend money to secure their infrastructure properly.

Next October, when the responsibility of card fraud for swiped transactions gets shifted to the retailer versus the bank, we'll hopefully start seeing retailers taking more responsibility in their infrastructure.

Chip-and-PIN, NFC, and other payment methods using single-use transaction codes versus raw card number data will fix a large amount of this. Even today, I notice at least 80% of retailers I visit these days already have chip-capable card readers. Now we just have to pressure our banks to catch up and join the program.

Post by jbarn02 »

I agree with Aaron fully. The equipment Kmart has is the IBM SurePOS systems, or should I say "piece of shit" :D. They are from 2000-2002, when they were rolled out pre-bankruptcy. The PIN pads are not securely fastened onto the pedestals, so anyone could swap them out, since a lot of the employees have no damn clue about the equipment. The back office server Aaron is referring to is a joke. The system is not secure and neither is the equipment, so I can see what Aaron is saying about the compliance. During the liquidation the registers were overtaxed and the back office server could not handle it.
Last edited by jbarn02 on October 12th, 2014, 12:39 pm, edited 1 time in total.

Post by jbarn02 »

submariner wrote: As someone who works in network security, I'd say the iPads and other wireless POS methods themselves are not typically the issue. The malware is usually tied to conventional POS systems running Windows or the server backends handling the actual data.

The problem also comes when companies refuse to invest in proper technologies to detect or prevent these problems (Home Depot was using Antivirus software that stopped getting updates two years ago). The other problem is management that would rather lie on PCI (Payment Card Infrastructure) assessments in order to 'pass' their annual audits. That's honestly the bigger problem at hand here.

A struggling retailer would rather fudge numbers and continue taking credit card payments than risk losing the ability to take credit cards because they don't want to spend money to secure their infrastructure properly.

Next October, when the responsibility of card fraud for swiped transactions gets shifted to the retailer versus the bank, we'll hopefully start seeing retailers taking more responsibility in their infrastructure.



I agree overall with this, Aaron, but the big thing is Sears is running an outdated IT platform, especially at Kmart.

Chip-and-Pin, NFC, and other payment methods using single-use transaction codes versus raw card number data will fix a large amount of this. Even today, I notice at least 80% of retailers I visit these days already have chip-capable card readers. Now we just have to pressure our banks to catch up and join the program.


Sorry, new at this. Overall I agree with Aaron. But the back office system Kmart runs is horribly out of date, and each time they upload new crap to the system it makes things worse. So I think the anti-malware is the last thing on their minds?