This is one of those subjects which is important to you and me as well as to those whose businesses depend on keeping customer data secure. Have you ever had a credit card cloned or otherwise raided for its – that is, your – personal and financial information? In the US? So have I.
AccessData does a good line in live demonstrations of the problems which its eDiscovery, forensic and security products are designed to manage. Lee Reiber, for example, can be seen at events demonstrating how much information can be taken off a second-hand smartphone bought from eBay. Security expert Lucas Zaichkowsky does the same with systems designed to process credit cards.
His article Point of Sale Hackers, RAM scrapers, and Keystroke Recorders concerns a demonstration using his own credit card which involves reading the magnetic stripe as well as the EMV chip to show how easily credit card data can be stolen even from modern payment systems.
In a video shown in an article from SC Magazine, Lucas Zaichkowsky goes one step further and shows us what can happen when his credit card is swiped in what is now an old-fashioned way of reading cards. We see relevant credit card information in plain text. What do you expect, sneer those from countries which have abandoned card-swiping in favour of EMV chip-and-pin devices? Lucas does that as well; the result will alarm anyone who uses a credit card anywhere.
To close, here is the crowd gathered to hear Lucas Zaichkowsky talk about all this at Black Hat 2014 this week. That looks like a capacity crowd to me.