Comment Re: Wow ... (Score 1) 419
I've never seen the bank to supply either POS software (thing that works at touchscreen-enabled device) or card payment terminal - the latter is usually supplied by a processing center company which works with many banks.
However, if that was the customer's (Apple) wish to only process the override numbers at the end of the day, then perhaps Apple is the victim, not the processing company or the bank. In fact, I don't see the "bank" in this scheme at all. It's either Apple or the processing company, which might or might not belong to the bank.
What Sharron and Temeshia (oh, these anglo-saxon names...) did to Apple and Victoria Secrets was one of many possible exploits to imperfect system of card transaction. When you are entering your PIN code using corded pin pad, the data is encrypted in transit (where "transit" is that short cable) using DES algorithm. The system consists of two parts - business rules and technology. However, it only protects itself against technology attacks.
The algorithms of higher level, the workflows of the whole process, are made to comfort the customer. Until that final moment of ultimate discomfort, which is regarded as "nonsense fantasy" during the development process. So you don't have to beat the technology if you know the business rules.