Debit card thieves get around PIN obstacle

I was talking to some folks from work about this over lunch the other day. It appears that some sort of compromise of consumer credit info, on a massive scale, has recently occurred. The scary thing about the particular breach is that the thieves appear to also have been able to garner PIN numbers for many of these cards.

I had no idea that many businesses can/do maintain your PIN number on their systems for a period of time, post-purchase.

"...many merchants incorrectly store PIN information they should be destroying after customers enter the secret code on PIN pads in stores around the country. While the information is often encrypted into something called a PIN block, the keys necessary to decrypt the information are often stored on the same network, she said. That makes stealing the PINs as easy as breaking into an office computer using a password a careless employee has taped to the screen."

Scary! Retailer implementations of this technology should all go through rigorous screening at the time of set-up. Keeping the key on the same network is stupid. This thing reeks of an insider job to me.

Time to check your cards for unauthorized purchases folks!

read more | digg story