Using a credit card at a gas station could pose more of a risk for data theft than shopping online. Point-of-sale terminals have emerged as a weak link in the security chain, according to a Gartner Inc. analyst.

When a card is swiped, point-of-sale (POS) terminals often collect and store the data held in the magnetic stripe on the back of a credit card, said Avivah Litan, a Gartner vice president and distinguished analyst. Retailers are often unaware that their POS applications collect so much information.

In the hands of sophisticated hackers and counterfeiters, the data collected from the magnetic stripe is enough to create a replica card. “It’s almost more dangerous to go to the gas station than it is online,” Litan said at Gartner’s Identity and Access Management Summit in London on Monday. “The data is just sitting there. No one even thought about what data is on a POS controller.”

Retailers’ network configurations are partly to blame. Many are using the Internet to transmit data in place of dial-up networks, and many have incorporated wireless access points into their networks using WEP (Wired Equivalent Privacy), Litan said, which is not considered a strong form of encryption.

Hackers lurk in parking lots looking for weak networks to penetrate. Since the POS terminals are linked via IP, once a hacker has accessed a network they can try out neighboring IP addresses until they locate a store of data, Litan said.

Data breaches that occur offline are common. Of 160 breaches investigated for one major credit card brand, 128 took place in the brick and mortar world where the card was physically present for the transaction, rather than being used online or over the telephone, according to Gartner.

Click here to read the rest of this story…

This entry was posted on Tuesday, June 26th, 2007 at 8:35 am and is filed under News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.