I am looking forward to presenting at BSidesDC this weekend, where I'll be giving a talk titled "Point-of-Sale to Point-of-Fail." In my presentation, I will be discussing the recent rash of retail breaches over the past couple of years and how and why they are occurring, and what retailers can do to protect themselves. The epidemic of mega-retail breaches reveals a number of weaknesses in point-of-sale systems and payment gateways. Challenges in PCI DSS and vulnerabilities in payment systems and gateways have provided a number of opportunities for organized criminal syndicates to take advantage and exploit weaknesses.
The burden is not solely on the retailers, but on several industries as a whole for making these breaches and related credit card fraud so easy and lucrative for criminals. The ease and profit of fraud has increased demand for stolen credit cards and in turn increased resources allocated to attack US retailers. This presentation will take a systemic look the technical factors that lead to these retail breaches through the use of sophisticated malware and how PCI DSS compliance could not have helped these scenarios. I will illustrate how underground economies, fraud and geo politics have empowered and emboldened criminal syndicates to help create a perfect storm. I will also discuss how the bank fraud managers, the Secret Service and law enforcement know about retail breaches before the compromised retailers do, and how chip and PIN technology will only have a limited impact on fraud once implemented. If you will be attending BSidesDC, join me on October 17 at 2:30 PM in Salon A – Grand Ballroom.
