Wetherspoons breach - It's not just about the card numbers

Although it is reported that “very limited” credit and debit card information was accessed in the Wetherspoons breach, it is no less concerning that personal details including names and email addresses may have been stolen. In fact, theft of card details is relatively easy to ‘deal with’ – they can be blocked and replaced. It’s the other – seemingly innocuous – information that can pose a bigger problem. ...

December 4, 2015 · 1 min · 212 words · Me

Teaching An Old Dog New (security) Tricks

Today’s retail POS system looks very different to the Ritty Brothers’ ‘Incorruptible Cashier’ of 1870. Now, as the muzzle of even the latest POS system begins to grey, there’s a new pup on the block – mPOS. The common thread throughout all these innovations? The need to ensure that these machines and data are ‘incorruptible’ from a security perspective. For Ritty, it was as simple as preventing dishonest employees from pocketing money instead of depositing it. With the move to software-based POS terminals, it became much more complex, bringing the need to secure phone lines, and later leased ISDN lines back to the acquirer. The use of hardware-based encryption is recognised by the card schemes as the most practical and secure mechanism to achieve the necessary level of protection. However, the move to increasingly distributed computing is beginning to expose the cracks in protecting the channel, rather than the data itself. We only have to look to Target, Neiman Marcus, or the stores affected by the Chewbacca malware to see the systems under attack and the financial and reputational repercussions of a breach. ...

3 min · 436 words · Me