I work in the amusement game industry, maintaining all sorts of arcade games, digital jukeboxes, pinballs, etc. and often encounter network deployments at small businesses (bars, diners, etc) that were obviously put together by someone who has no clue what they are doing.
switches daisy chained together and hanging by their wires from the ceiling, or left in a heap behind the bar, equipment that they don't even realize is still there, tucked away somewhere and still hooked to the network, Open AP's, or ones with passwords provided to patrons hooked to the same equipment their POS is on, etc.
I have recently been hearing more about PCI compliance, and only know a small amount, like having to encrypt payment info, protecting pin pads from physical attack, etc. Since I deal with things like digital jukeboxes that take cash, and some online arcade games, I don't mess with POS devices as part of my job, but do see them at our customer's locations.
My question is this: How much of a security nightmare are situations like I've described above? If you have all of your equipment on one network (including cheap IoT devices), with only the very basic firewall provided by the ISP modem/router, and the network has APs with public access, are people's payments at risk if the business is using compliant readers/terminals for their POS?
I know this is a very common scenario, as so many people take the "I plugged it all in and it works" approach with no understanding of security, or the "my friend/son/brother/dog hooked it up for me"
Should I be worried about using my card at places that likely don't have a professionally managed network?
No comments:
Post a Comment