At some Subways, the sandwiches aren’t the only thing that’s
Security in the networked world of today isn’t always the easiest to understand, we’ll admit. But business owners, who are in a position of trust when it comes to customers’ debit and credit card transactions, should really be up on basic internet security. When they’re not, they literally give away their customers’ information to hackers. Case in point: about 150 Subway franchises, which, along with at least 50 other small retailers, caused 80,000 customers to lose a total of $3 million after they set up debit card scanners without proper security and encryption.
Here’s what happened: Though Subway distributes lists of security requirements to franchisees, some neglected to follow them. According to a Justice Department statement, in addition to disregarding encryption requirements, they installed cheap remote desktop software, the kind that lets a computer be accessed from another location. All hackers had to do was guess or otherwise determine the password for access, which, as all too many people have found out, isn’t very hard when your password is “password” or “12345.” Once they had that, the hackers were like kids in a candy store, and it took quite some time for anyone to notice what was going on.
It’s enough to make you take a good, hard look at your lunch joint’s manager, and, if he looks like he doesn’t know a trojan from a man in a toga, walk right back out that door.
Read more at Ars Technica.
Image courtesy of Brixton / flickr