Friday, October 3, 2008

Credit card processors finally get clue, will ban WEP

Companies that accept major credit cards will be barred from using WEP for their WiFi security, but not until mid-2010. The rule is part of new security standards defined and released this week by the Payment Card Industry Security Standards Council, which is made up of companies like Visa, MasterCard, American Express, and Discover. The sad thing is that WEP—which can be cracked in as little as two minutes—is still widely used in the old and decrepit point-of-sale systems used by many retailers; the new rules should help move along the long-overdue adoption of tighter security in credit card processing.

WEP's hackability has been widely known since 2001, and has been blamed for the largest incident of consumer data theft in history. TJX, parent company of discount retailers T.J. Maxx and Marshalls, disclosed last year that hackers had stolen data covering over 45 million credit and debit cards over an 18-month period. In addition to pilfering over 45 million—and possibly as many as 200 million—credit card and debit card numbers, the hackers were also able to obtain other personal data from over 450,000 customers. This included driver's license numbers and Social Security numbers.

read more | digg story

No comments: