CKA Forums
PostPosted: Fri Dec 27, 2013 11:47 am
 


Title: Target hackers got card PIN numbers too
Category: Business
Posted By: DrCaleb
Date: 2013-12-27 10:44:22
Canadian


PostPosted: Fri Dec 27, 2013 11:47 am
 


The Elephant in the room that no one seems to be asking is "Why are they recording PINs anyhow?" What business purpose could it serve?


PostPosted: Fri Dec 27, 2013 11:53 am
 


DrCaleb:
The Elephant in the room that no one seems to be asking is "Why are they recording PINs anyhow?" What business purpose could it serve?


If they don't have your PIN then they can't help themselves to your money when they want to.


PostPosted: Fri Dec 27, 2013 12:00 pm
 


BartSimpson:
DrCaleb:
The Elephant in the room that no one seems to be asking is "Why are they recording PINs anyhow?" What business purpose could it serve?


If they don't have your PIN then they can't help themselves to your money when they want to.


Eggzaktlee. And they make their payment systems specifically chip-card incompatible so that they have the ability to record this information. But since they can't seem to keep their in store only data from escaping on the internet and creating huge privacy breaches, I still can't think of a business case where that makes sense. I also can't think why Provincial Privacy Commissioners across Canada let them keep this information.

Then again, I can't understand people giving them the data, their phone number and an email address in the first place.





PostPosted: Fri Dec 27, 2013 1:26 pm
 


DrCaleb:
The Elephant in the room that no one seems to be asking is "Why are they recording PINs anyhow?" What business purpose could it serve?


Quote:
Target said it doesn't have access to nor does it store the encryption key within its system, and the PIN information can only be decrypted when it is received by the retailer's external, independent payment processor.
...
In 2009 computer hacker Albert Gonzalez pleaded guilty to conspiracy, wire fraud and other charges after masterminding debit and credit card breaches in 2005 that targeted companies such as T.J. Maxx, Barnes & Noble and OfficeMax. Gonzalez's group was able to decrypt encrypted data.


This is what happens when people assume that encryption is infallible. In a POS system you have to store the encrypted data at least briefly, and you can bet that the "retailer's external, independent payment processor" assured them that once data is encrypted nobody can ever decrypt it without the key.


PostPosted: Fri Dec 27, 2013 1:42 pm
 


Curtman:
This is what happens when people assume that encryption is infallible. In a POS system you have to store the encrypted data at least briefly, and you can bet that the "retailer's external, independent payment processor" assured them that once data is encrypted nobody can ever decrypt it without the key.


I laughed when they said that too. PINs are 5 digits max, 100,000 combinations, usually 4 digits for 10,000 combinations. With a population of 10 million PINs, there will be some overlap. Figuring out the encryption keys won't be an 'NP complete' kind of a problem.
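
The overlap arithmetic from the last post, as an added example that is not part of the thread: when a PIN is protected by a deterministic keyed transform with no per-card input, a large record set collapses to at most 10,000 distinct outputs, while mixing in the card number keeps every record distinct. HMAC-SHA256, the key, and the card numbers are constructed stand-ins and assumptions; nothing here represents the scheme Target or its processor actually used.

```python
import hashlib
import hmac
import random
import secrets
from collections import Counter

# Constructed key for the demo (assumption: stands in for a processor-held key).
KEY = secrets.token_bytes(16)


def det_token(pin: str) -> bytes:
    """Deterministic keyed transform of the PIN alone (no per-record input)."""
    return hmac.new(KEY, pin.encode(), hashlib.sha256).digest()


def bound_token(pin: str, pan: str) -> bytes:
    """Same transform with the card number mixed in, so equal PINs differ per card."""
    return hmac.new(KEY, f"{pan}:{pin}".encode(), hashlib.sha256).digest()


def sample_records(n: int, seed: int = 2013) -> list:
    """Constructed data: (fake 16-digit card number, uniformly random 4-digit PIN)."""
    rng = random.Random(seed)
    return [(f"{rng.randrange(10**16):016d}", f"{rng.randrange(10**4):04d}")
            for _ in range(n)]


def distinct_outputs(records: list) -> tuple:
    """Count distinct protected values under each scheme."""
    det = {det_token(pin) for _, pin in records}
    bound = {bound_token(pin, pan) for pan, pin in records}
    return len(det), len(bound)


def largest_group(records: list) -> int:
    """Size of the biggest set of records sharing one deterministic output."""
    counts = Counter(det_token(pin) for _, pin in records)
    return counts.most_common(1)[0][1]


if __name__ == "__main__":
    recs = sample_records(100_000)
    det, bound = distinct_outputs(recs)
    print(f"records:                      {len(recs)}")
    print(f"distinct outputs, PIN only:   {det}  (cannot exceed 10,000)")
    print(f"distinct outputs, PIN + card: {bound}")
    print(f"largest group sharing one PIN-only output: {largest_group(recs)}")
```

The useful check for a defender is the first count: if the number of distinct protected values in a data set is far below the number of records, the protection is leaking which records share a PIN.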


All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © Canadaka.net. Powered by © phpBB.