[Info-vax] One possible market for VMS: secure credit card

JF Mezei jfmezei.spamnot at vaxination.ca
Sun Mar 22 14:28:27 EDT 2015


On 15-03-22 07:43, Jan-Erik Soderholm wrote:

> The common way to collect card information is to tamper with the
> card terminals themselves.

In the Cape May ferry example, they mentioned that the food outlets at
terminals and on-board were compromised. The word "malware" was used in
one of the press releases.

Looks to me like some solution that involved cash registers sending
credit card transactions to some sort of central PC which then
communicates with the credit card processor likely over internet. If all
the terminals were compromised, it would point to an inside job by
someone with access to all the terminals on shore and on ships.

The issue here isn't so much the terminals. With chip and pin (deployed
just about everywhere outside the USA that is still stuck with mag
stripes), compromised terminals are rare as the communication is
encrypted by the card itself.

But that still leaves open all internet based stores which use the "No
card present" and (unfortunately) store credit card info for some reason
which escapes me. Theft of those databases is growing and represents
major fraud losses before banks clue in on a particular merchant. (must
analyse what is in common between cardholders whose card was compromised
from different banks to see that they all have 1 store in common).

Stores like Target in the USA will cease to have databases of card
numbers when/if the USA goes chip/pin since their systems do not see a
credit card number. But their "shop on internet" continues to be loaded
with credit cards entered by customers.

So having secure software to handle that part would be a nice target
market.
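
Added example, not part of the original post: a sketch of the cross-bank analysis the message mentions, finding the one store that compromised cards from different issuers have in common. All card ids, bank names, merchant names and the `min_banks` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (card_id, issuing_bank, merchant). Not real transactions.
TRANSACTIONS = [
    ("c1", "BankA", "ferry-snackbar"), ("c1", "BankA", "grocer"),
    ("c2", "BankB", "ferry-snackbar"), ("c2", "BankB", "fuel"),
    ("c3", "BankC", "ferry-snackbar"), ("c3", "BankC", "grocer"),
    ("c4", "BankA", "grocer"),         ("c4", "BankA", "fuel"),
    ("c5", "BankB", "grocer"),         ("c5", "BankB", "bookshop"),
    ("c6", "BankC", "fuel"),           ("c6", "BankC", "grocer"),
    ("c7", "BankA", "ferry-snackbar"), ("c7", "BankA", "bookshop"),
]
# Cards their issuers reported as used fraudulently (constructed).
COMPROMISED = {"c1", "c2", "c3", "c7"}


def common_points_of_purchase(transactions, compromised, min_banks=2):
    """Rank merchants by how over-represented they are among compromised
    cards, keeping only merchants whose victims span several issuers."""
    cards_at = defaultdict(set)  # merchant -> cards seen there
    bank_of = {}                 # card -> issuing bank
    for card, bank, merchant in transactions:
        cards_at[merchant].add(card)
        bank_of[card] = bank
    clean = set(bank_of) - compromised
    results = []
    for merchant, cards in cards_at.items():
        hit = cards & compromised
        banks = sorted({bank_of[c] for c in hit})
        if len(banks) < min_banks:
            continue  # a single issuer's victims do not show a shared store
        # Share of compromised cards seen here vs. share of clean cards:
        # a popular store scores high on both, a breached one only on the first.
        hit_rate = len(hit) / len(compromised)
        base_rate = len(cards & clean) / len(clean) if clean else 0.0
        results.append({"merchant": merchant, "banks": banks,
                        "compromised_cards": len(hit),
                        "hit_rate": round(hit_rate, 2),
                        "base_rate": round(base_rate, 2)})
    results.sort(key=lambda r: r["hit_rate"] - r["base_rate"], reverse=True)
    return results


if __name__ == "__main__":
    for row in common_points_of_purchase(TRANSACTIONS, COMPROMISED):
        print(row)
```

The baseline comparison is what keeps a store everyone shops at (the constructed "grocer") from outranking the store that only the compromised cards share.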



