The headline on the technology page of CNN Money recently reported: “This code can hack nearly every credit card machine in the country”. “The passcode, set by default on credit card machines since 1990, is easily found with a quick Google search and has been exposed for so long there’s no sense in trying to hide it. It’s either166816 or Z66816, depending on the machine”. Really? But, also quite embarrassing.
We’ve become a laughing stock for hackers. With this information, hackers can go to town. They can gain access to card readers and get not only card data information but also all types of personal information. How can this happen? Password settings on systems move from manufacturers, to distributors, to vendors, to retailers unchanged. One of the well known information security companies tested the default password on several card terminals at about 120 retail locations around the country. It worked without a glitch!
Password rules are basic. Changing them every 30 days, following the PCI rules for setting passwords, using two-factors of authentication should be the norm for all retailers for all systems especially POS systems. But, retailers fail to do so, time and again. This problem reinforces the conclusion made in a recent Verizon cybersecurity report: that retailers get hacked because they’re lazy. Changing passwords has also been a low priority item on their list.
“The default password thing is a serious issue. Retail computer networks get exposed to computer viruses all the time. Consider one case investigated recently. A nasty keystroke-logging spy software ended up on the computer a store uses to process credit card transactions. It turns out employees had rigged it to play a pirated version of Guitar Hero, and accidentally downloaded the malware.” A lot of people have access to POS systems and it is not taken seriously.
If your organization is not sure of these precautionary data security measures, Omega can help. Contact us at 636-557-7777.
