	Login

Home
Forums
Content
Photos
- Picture Gallery
About
- About
- Advertise
- Contact
- Donations
- Groups
- Link to Us
- Links
- Points
- Statistics
Shop
Register
- Gold Membership
Forum Help
Forum Extras
- Groups
- Medals
- Mod Log
- Ranks
- Search Forums
- Forum Stats
- Whois Online
Arcade Room

Board index » General » Current Events

Target hackers got card PIN numbers too

Author	Topic Options » Print view » Translate (fr to en) » Translate (en to fr)
Newsbot CKA Uber Posts: 30650 Posted: Fri Dec 27, 2013 11:47 am Title: Target hackers got card PIN numbers too Category: Business Posted By: DrCaleb Date: 2013-12-27 10:44:22 Canadian

DrCaleb CKA Moderator

Posts: 53394

Posted: Fri Dec 27, 2013 11:47 am

The Elepahnt in the room that no one seems to be asking is "Why are they recording PINs anyhow?" What business purpose could it serve?

BartSimpson CKA Moderator

Posts: 65472

Posted: Fri Dec 27, 2013 11:53 am

DrCaleb DrCaleb:

The Elepahnt in the room that no one seems to be asking is "Why are they recording PINs anyhow?" What business purpose could it serve?

If they don't have your PIN then they can't help themselves to your money when they want to.

DrCaleb CKA Moderator

Posts: 53394

Posted: Fri Dec 27, 2013 12:00 pm

BartSimpson BartSimpson:

DrCaleb DrCaleb:

The Elepahnt in the room that no one seems to be asking is "Why are they recording PINs anyhow?" What business purpose could it serve?

If they don't have your PIN then they can't help themselves to your money when they want to.

Eggzaktlee. And they make their payment systems specifically chip-card incompatible so that they have the ability to record this information. But since they can't seem to keep their in store only data from escaping on the internet and creating huge privacy breaches, I still can't think of a business case where that makes sense. I also can't think why Provincial Privacy Commissioners across Canada let them keep this information.

Then again, I can't understand people giving them the data, their phone number and an email address in the first place.

Curtman

Posted: Fri Dec 27, 2013 1:26 pm

DrCaleb DrCaleb:

The Elepahnt in the room that no one seems to be asking is "Why are they recording PINs anyhow?" What business purpose could it serve?

$1:

Target said it doesn't have access to nor does it store the encryption key within its system, and the PIN information can only be decrypted when it is received by the retailer's external, independent payment processor.
...
In 2009 computer hacker Albert Gonzalez plead guilty to conspiracy, wire fraud and other charges after masterminding debit and credit card breaches in 2005 that targeted companies such as T.J. Maxx, Barnes & Noble and OfficeMaxe. Gonzalez's group was able to decrypt encrypted data.

This is what happens when people assume that encryption is infallible. In a POS system you have to store the encrypted data at least briefly, and you can bet that the "retailer's external, independent payment processor" assured them that once data is encrypted nobody can ever decrypt it without the key.

DrCaleb CKA Moderator

Posts: 53394

Posted: Fri Dec 27, 2013 1:42 pm

Curtman Curtman:

I laughed when they said that too. PINs are 5 digits max 100,000 combinations, usually 4 digits for 10,000 combinations. With a population of 10 million PINS, there will be some overlap. Figuring out the encryption keys won't be an 'NP complete' kind of a problem.

Page 1 of 1

[ 6 posts ]

Board index » General » Current Events

Who is online

Users browsing this forum: No registered users and 29 guests

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © Canadaka.net. Powered by © phpBB.