Monday, March 06, 2006

Hacker Outsmarts Kinko's ExpressPay Cards

Ooops

Some companies have a real problem understanding that the technology to read and write mag stripe cards is commonplace these days. It would not take much to make the cards a lot harder to fake, a MAC code generated using a system wide shared secret would cost next to nothing but hold off a large proportion of attacks.

The terminals do have some controls in place. They can only be accessed from the kinkos locations. That means that a person using a fraudulent card is at personal risk. It would not take a great deal to detect fraud and arrest persistent perpetrators.

The bigger more worrying threat is the fact that it appears criminal gangs have been picking up on this type of network and using them as a means of money laundering. That means that their security controls are going to be subject to a much higher level of scrutiny than the designers likely expected.

No comments: