As CNN reports, credit cards are not a secure form of payment. Nearly all of them are at risk of being hacked. 90% of credit card readers currently use the same password.
Apathy and a lack of responsibility are leading to the problem.
"No one is changing the password when they set this up for the first time; everybody thinks the security of their point-of-sale is someone else's responsibility," Trustwave executive Charles Henderson said. "We're making it pretty easy for criminals."
Trustwave put together research on how susceptible credit card machines were to hackers.
The fault lies with retailers and their special vendors. It's like home Wi-Fi. If you buy a home Wi-Fi router, it's up to you to change the default passcode. Retailers should be securing their own machines. And machine resellers should be helping them do it.
"Companies spend more money choosing the color of the point-of-sale than securing it," Henderson said.
As Verizon concluded in a recent cybersecurity report, “retailers get hacked because they're lazy.”
In one recent case Henderson investigated, keystroke-logging spyware was downloaded to machines used to process credit card transactions because employees had reprogrammed the machine to play a version of Guitar Hero pirated off the internet. The malware was contained in the file of the popular guitar simulator.
"It shows you the level of access that a lot of people have to the point-of-sale environment," Henderson said. "Frankly, it's not as locked down as it should be."
There have been numerous high-profile hacks in recent months and years. As Hacked reported in 2014:
IBM’s Security team has released cyber attack statistics for 2014. In the summary, 2014’s biggest hacks so far have changed from previous years – focusing on malware affecting US retailers, 43% more retail data was stolen in 2014 than the previous year.
IBM said 61 million retail records were stolen over the last 12 months, down from last year’s 73 million. Also noted, the number of daily attacks dropped from 4,200 to just over 3,000. Put together, it shows the typical breach in 2014 has become more destructive.
Below are 8 of 2014’s Biggest Hacks So Far. Often, breaches are not made public until months after they occur. Historically, Black Friday has been one of the most active days for cyber attacks. That information is not anticipated until later in the year.
Among some of the biggest retailers hacked were eBay, Target, AOL, UPS, Staples, Home Depot, JP Morgan & Sony.
The default password for the credit card machines is so well known (it can be found via a Google search) that it is published with little problem: it's either 166816 or Z66816, depending on the machine.