What can Barnes and Noble do going forward?

Published: 10/25/2012

If you haven't heard, there has been a breach of credit card data. This data never even made it to a secure system before it was compromised. It has been reported that Barnes and Noble Point of Sale PIN-pad devices (used to enter your secret PIN) at 63 of their stores had a hidden little gem inside the device: a credit card sniffer.

This sniffer was "listening" for the credit card swipe and the associated PIN entry and grabbing the data before it hit the POS terminal. This means that an untold number of credit cards are now at risk.

This is a serious matter. If we cannot trust the devices in the store, how can we make purchases?

There is an interesting and scary thing about POS terminals. The credit card readers on most of them send your credit card information in clear text to the POS terminal. These are glorified keyboards with 1960s-level technology. Get your hands on that stream of data, and running up fraudulent transactions is easier than shooting fish in a barrel.

So what can Barnes and Noble do going forward? Well, for one thing, they could hook up mobile applications built on SubtleData that eliminate the ability for someone to sniff the line and get the credit card data. By using SubtleData for their secure backend transmission of the credit card data to the POS, they get rid of any potential for wrongdoing. The reason is that the data is encrypted throughout the entire process. It starts at the credit card reader, which encrypts the card data right away.

SubtleData has certified encrypted credit card readers that cannot be broken into by criminals wanting to place "sniffers." The connection from the reader to SubtleData is encrypted, which means no sniffing can be done there either. Then SubtleData double-encrypts the data and transmits it encrypted to the POS, so the only way a credit card could be compromised is if the POS company itself tried to hack its own system. This is highly unlikely because it needs to be able to sell POS systems in order to stay in business.

The only other way to completely eliminate fraud would be to restrict purchases to cash, but in today's "ever-moving to a cashless society" world we have to protect consumers by taking the transmission process out of the front-of-house and moving it to the back-of-the-house. The consumer won't see a change, just the criminals.

If you know someone at Barnes and Noble, and they are still employed, please send them a link to our site.

Tags: Barnes and Noble   breach   PIN   sniffer  

