Comments on: More POS Hacks Grab CC Numbers http://www.spacerogue.net/wordpress/?p=72 Personal weblog of Space Rogue, former L0pht member and editor of the Hacker News Network. Mon, 13 May 2013 14:14:32 +0000 hourly 1 http://wordpress.org/?v=3.5 By: xodusprime http://www.spacerogue.net/wordpress/?p=72&cpage=1#comment-12468 xodusprime Mon, 12 May 2008 04:02:53 +0000 http://www.spacerogue.net/wordpress/?p=72#comment-12468 I’ve got to say, after installing and maintaining POS systems for a while, there is quite a bit that can be done, even without any hardware modification. The credit-card bridging software used by a number of POS software platforms can often be accessed to pull back full names and credit card numbers from each transaction. While not as powerful has having a PIN, if the clerk had to manually enter anything, or if it was a phone order, often times the CVV number will be included in these records.

Since many small businesses use their POS server as an office computer as well, it’s just a matter of nabbing the IP address and getting yourself a backdoor. While it isn’t something that can be done easily, I don’t think it would be more difficult than dismantling a pin-pad and including a capture device.

]]>