Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Payments Giant Verifone Investigating Breach (krebsonsecurity.com) 8

Verifone is investigating a breach of its internal networks that appears to have impacted a number of companies running its point-of-sale card terminals, security reporter Brian Krebs reports. From the report: Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations. On Jan. 23, 2017, Verifone sent an "urgent" email to all company staff and contractors, warning they had 24 hours to change all company passwords.
This discussion has been archived. No new comments can be posted.

Payments Giant Verifone Investigating Breach

Comments Filter:
  • by s.petry ( 762400 ) on Tuesday March 07, 2017 @03:39PM (#53994791)

    All breaches start out being reported small, but tend to reveal much more. It's completely possible that this was an isolated breach, but as a security expert I'll wait for the full release and report. If they were in, they may have much more access than the initial report claims. Perhaps not individual credit card data, but bigger sets of data belonging to vendors.

  • by ErichTheRed ( 39327 ) on Tuesday March 07, 2017 @04:16PM (#53995049)

    I'm convinced that big companies just pay for cyberattack insurance and call it a day, rather than actually improve their security. Everywhere I have ever worked, the internal network has been treated as completely open. If you can get your machine on an open network port or joined to wireless, you're in and have full access to everything. It's cheaper to give out free credit monitoring for a year than it is to re-architect the network so that nothing is trusted by default.

    The root cause analysis will be interesting -- could be anything from an inside job to sloppy contractors leaving a hole open to just poor patching discipline. I wonder how secure places like Visa or American Express are, given that Verifone, the manufacturer of payment processing devices, can't be bothered with security.

    • by FeelGood314 ( 2516288 ) on Tuesday March 07, 2017 @04:30PM (#53995143)
      I did security evaluations of Verifone devices many years ago. They had the only device I ever failed to breach. They seemed to be very detailed oriented and careful. Their devices were also more expensive to make and better put together than their competitors.
      • by tlhIngan ( 30335 )

        Well, if they properly set up the network, it's likely the payment network is secure and isolated from the corporate network. The corporate network is a bit more "open" to allow employees to do their jobs and engineering and all that, and it's likely that makes it a good target for breaches - because if there's any information on vulnerabilities on the payment network, or their payment devices, it would be on the corporate network.

        So if they do this right, no customer data was breached (other than perhaps t

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...