Technology is King. We know that with the right technology theft and error will go away and yes, we will have a perfect industry. In fact we are there today. NO WAIT!!!
The headlines over the past weekend seem to fly in the face of my first paragraph. The Largest Parking Company on the planet has had a number of its garages hacked and who knows how many credit cards of their customers stolen. The company says that the theft has been discovered, fixed, and they are working with banks and clearing houses to find out just whose cards were stolen.
I spoke to a couple of engineers about the problem and they know nothing about this actual theft, but they weren’t surprised. What they told me was that this is not particularly difficult. It sort of works like this:
A bit of software is put into the system that lies in wait for a credit card transaction. When it sees one it grabs the card and the association information and sends it to a web site somewhere on the planet. The transaction continues and the theft of the information goes unnoticed. The more cleaver the thieves, the longer it goes unnoticed.
The assumption in this case is that the card holder noticed that there was fraudulent charges on his bill and complained to his bank, who traced the card transactions back through the clearing house to a place where the card might have been stolen. In this case, a garage somewhere in the US.
Investigations were begun and the breach was discovered. The ‘malware’ was removed, passwords changed, security upgraded and life goes on.
I’m told this type of hacking is difficult to see and difficult to stop. Tons of card numbers on file weren’t stolen, cards were stolen as they were used. Sort of one at a time.
Software geeks tell me that their security is better than everyone else’s. Everyone tells me that its impossible to ‘hack’ their system. We believe them at our peril. Its like saying no one on the planet is smarter than you are.
The internet gives us wonderful information and tools to help our lives. But it also gives bad guys the ability to look at our systems, test our security, find a weakness, and exploit it.
But in the end, the weaknesses are found, they are fixed, and then new ones are found, they are fixed, and life goes on.
JVH
PS — When I was in the military, I worked in a Classified Installation. Dogs, Fences, badges, big guys with guns, all the good stuff. The security there understood the problem. There were two phone systems, one internal, one external. They were not connected in any way. All classified conversations took place on the internal phone. The external phones were unplugged when you weren’t talking. Those super spooks understood the problem. Do we?