You'd think people would figure out not to attach everything to the internet. Why the card readers needed to be connected to anything but an internal network (with no internet connection to that) is a bad security model to begin with.
Will they ever learn?
Guess maybe i'm not thinking. They do need to verify that cards are correct, so they do need some internet access, though they could do it over the phone.
Well, i guess they will still need to rethink the security of this.
Seems to me they readers only need to communicate with a computer in the store, then that computer could do the verifying. Might be a little slower, but would probably be a lot more secure.
First of all, to GP, what makes you think that the PoS terminals are attached to the Internet? Nothing in TFA even hits at such a thing. To parent, GP is right. The Internet is not required for the things we're talking about. Private networks, including VPN's (running through the Internet) are a much better choice. That said, if properly secured, credit card transactions can be safely processed across the Internet. An entire industry has been built around just that.
No. I think we're going to find that this skimming operation was operated from within Target's private network.