POS Security (fwd)

   Chris suggested that I post my message to him on the mail list. His
response is included. I do not do retail but some of you might find this of



---------- Forwarded message ----------
On Tue, Jul 8, 2014 at 6:12 AM, Rich Shepard <..hidden..> wrote:

>   I don't know if you follow Brian Krebs' blog, www.krebsonsecurity.com,
> but you might consider doing so. His focus is on consumer/retailer fraud
> such as ATM skimmers and stolen credit/debit card data. A number of thefts
> (Target, Sally Beauty Supply, JC Chang's restaurants, car washes, etc.)
> involve malware inserted in point of sale systems. If LedgerSMB has
> retailers using such systems in front of your software it might be good if
> you folks helped protect their customers' data by making them aware of the
> problems and the available solutions.

Those are good points. Plus you have the evolution of PCI compliance in
response to such incidents. This is a very complicated topic, and I have
usually directed people to the PCI Standards as the first place to start
reading. The question of malware is also something which has received
additional scrutiny in more recent versions of the standards, but that's not
the only area.

For most of our users, I think recommending dedicated dial-in terminals for
credit card processing really is the best way (i.e. avoid the PCI
compliance and theft/malware concern regarding credit cards entirely).

Maybe it would be a good point to bring this up on list?

Chris Travers

