Recent investigations reveal that the thieves singled out stores with strong wireless signals and weakly protected data. While their exact methods are not known, they could have parked a car outside a store or set up in the local Starbucks, using a laptop computer outfitted with an off-the-shelf wireless receiver. They may have even received help from Web sites listing the geographic coordinates of easy-to-target stores.
From there, it would be easy to pick up signals being broadcast around the store and use them to gain access to its computer systems. For more than a month, the hackers “robbed” the same shops again and again of premium card account numbers stored in their databases.
And further along in the article:
Visa and MasterCard encourage – but do not require – the vast majority of small and midsize merchants to prove their compliance. Only about 400 of the country’s biggest retailers and just over 10,000 midsize merchants with a substantial online presence have that obligation. That group must pass an annual security audit, often self-assessed, and conduct quarterly scans of their computer networks for vulnerable points.
Put another way, that means Visa and MasterCard require fewer than three-tenths of 1 percent of the country’s estimated five million merchants to certify they are following their security rules. And many of those online merchants missed a recent June 30 deadline.
Remember the "DSW data theft is worse than predicted" story back in April of this year?
Well, unfortunately, the story only appears to begin there!
This NYTimes story goes on to tell the rest of the story... and what a tangled web it is!
Oh, it just makes me all warm and fuzzy inside. NOT!
Thanks to Klok for sending the story.