3/17/2006

Visa Issues Cash-Register Flaw Warning

Filed under: — By Aviran Mordo @ 1:08 pm

The U.S. arm of credit and debit card giant Visa International has issued an alert for flaws in cash-register software made by Fujitsu Transaction Solutions that could put sensitive cardholder information at risk.

According to a report in The Wall Street Journal, the bug can cause the inadvertent storage of customer data—including secret PINs—within the point-of-sale software installed in retail locations.

The report said Visa USA sent the warning to “merchant acquirers” that process card transactions for some of the biggest names in retail and urged users to apply a software upgrade from Fujitsu to fix the flaw.

According to a recent research report by Gartner analyst Avivah Litan, retailers in the United States incorrectly store PIN information and data on point-of-sale terminals instead of destroying the data as required by card industry guidelines.

Although the data is encrypted into PIN blocks, Litan explained that the decryption keys are usually stored on the same network, meaning that a malicious hacker can break into a computer system and steal thousands of PINs tied to sensitive customer information.

Source: eWeek

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress