Sign in / up

back to article US is Number One! In sales register hacking attacks, at least

Hacking attacks against sales terminals have risen by nearly a third last year, and the US is still leading the way in being insecure. Incidents affecting sales tills and payment systems increased to 31 per cent in 2016, according to research by security firm Trustwave, while incidents affecting e-commerce environments fell to …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. O RLY
    FAIL

    The US card issuers' insistence that Americans use Chip-and-Sign rather than Chip-and-PIN continues to frustrate me. It is very hard to find a US-issued personal chip card that is Chip-and-PIN. Typically, only a small set of credit unions issue them while none of the major banks do.

    4 1 Reply
    1. Gene Cash Silver badge
      Reply Icon

      That's not the issuer's fault... it's the merchant's for having a shite terminal and being too cheap to upgrade.

      As long as there's no financial penalty or drawback to the merchants or the banks, this will keep on truckin'

      It's funny though, I haven't shopped at Target since they got ripped. Not out of any organized boycott on my part, just "ugh don't want to deal with their retardedness..."

      2 0 Reply
      1. Chloe Cresswell Silver badge
        Reply Icon

        Normally, Chip and Pin, and Chip and Sign use the same terminal. They need the same chip reading hardware.

        Sure you're not confusing Chip and Sign and Swipe and sign when you say it's a shite terminal?

        3 0 Reply
        1. Swarthy
          Reply Icon

          Sign vs. PIN

          I believe the signing vs. PIN is down to US credit regulations and fraud laws, I don't believe I've ever seen a PIN-enabled credit transaction.

          I do know* that using someone else's credit card is not fraudulent, if you sign your own name; only if you forge their signature does it become credit card fraud.

          *From personal experience with a "friend" having stolen an actual, physical card from me and using it. The nice policeman explained which of the transactions were fraud and could be prosecuted** and which ones were not.

          **Not that the ever were, mind you, but they could have been. - Not that I'm bitter or anything.

          0 0 Reply
          1. Anonymous Coward
            Reply Icon
            Anonymous Coward

            Re: Sign vs. PIN

            I had my debit card cloned last year (at a shop which hadn't enabled chip usage on the POS more tan a year after the deadline). It was clear the culprits were just kids as all the charges were for petrol, pizza, beer, etc and they would have been recorded using the card in multiple locations (all of which were less than 75 miles from where I live). Stole over $2500 in 30 or more transactions of less than $100 each.

            I filled out all the forms at my bank and got reimbursed quite quickly, but neither the bank or the police were interested in investigating the crime. This is why the issue is so bad in the USA, it's trivially easy to do and there are essentially no criminal consequences for the perpetrators.

            1 0 Reply
      2. Mark 85
        Reply Icon

        Re: Target....

        This store takes the cake, biscuit, whatever. During the whole mess with the data theft, the clerks kept on asking if I wanted to sign up for a Red Card. After responding about the hack, the typical response was "didn't know that, no one said anything" and they'd ask the next person if they wanted a card. Muppets all of them!!!!!!

        2 0 Reply
    2. ecarlseen
      Reply Icon

      Bzzt... wrong

      Chip and PIN isn't even an option for most retailers in the US. The banks generally don't support it. In any case, it's still a stone-age solution compared to tokenized systems like Apple Pay that flat-out eliminate the problem.

      0 3 Reply
      1. Brenda McViking
        Reply Icon

        Re: Bzzt... wrong

        I remember flummoxing a store assistant in macy's in NYC when I used my UK card in the terminal and just keyed in my PIN which authorised immediately. She still tried to make me sign the box that quite clearly said "no signature required" on the receipt.

        1 0 Reply
  2. aregross

    Rumor has it (fairly reliable) that US Financial Institutions are going to bypass Chip and PIN/Sign and go straight to Finger (Thumb?) print reading Credit Cards.... in about 10 Years! (that's my guess, taking into account how long it's taking them to install the EMV infrastructure)

    0 0 Reply
  3. Swarthy

    Chip & PIN vs Chip & Sign vs Swipe & <whatever>

    What's actually really interesting is in the current transition from swipe to chip, is noting the priorities. I have been at several retailers who have chip-enabled terminals, but you have to swipe for debit. The credit cards use the (slightly) more secure Chip & Sign, but debit cards use the less secure swipe & PIN.

    My guess is that the bank/merchant is on the hook for fraudulent credit purchases, but the customer is on the hook for debit. I can't think that the savings of keeping swipe for one would justify the cost of having two authentication systems, and it can't be regulatory, because some retailers use Chip & <x> for both; so I am forced to assume that there is some revenue generating cost saving mechanic in allowing customer-borne fraud.

    1 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    I live in the US and I still see shops that don't have chip-enabled POS terminals almost 2 years after the deadline. I was at the grocery store last night and the person in front of me still had a non chip card. At that same shop, Apple Pay and Google pay have been broken for over two months as well. Of course it's not quite as bad as the lady I saw a few weeks ago who paid by check/cheque.

    I swear the US is so stuck in the past some times and I'm in the so-called progressive and modern part.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like