Quote:
Originally Posted by Barry-xlovecam
They are not supposed to be. You cannot retain consumer credit card data, i.e.; full credit card numbers unless it is on a SQL (data) server that only accepts local connections and in a security cage per PCI standards and VISA Net requirements.
So none of this makes sense. I think that this ''Russian hacker k0d3k1dde" is a diversion. This was probably an inside job or some major slop in compliance to PCI standards.
*** reading further a POS malware? Inside job too allowing Internet access to a POS system seems incredibly stupid. |
As I understood it: POS connected to intranet . Server connected to intranet with the POS but also to internet. Cyber criminal inserts mmom via the server . Mmom takes raw dump from the POS card reader and send it via the POS-intranet-server-internet to the cyber criminal's PC and from there he produces hacked cards.
So the data has a very short UN-encription time but enough for it to be captured.