We’re having an identity crisis. What will it take for companies to take this as seriously as they should?
Officials have found small devices in European point of sale card swipe machines that send selected transaction information to Pakistan. These are the card machines you use at the grocery store — totally plain vanilla. The devices appear to be untraceable and are inserted in some made-in-China MasterCard boxes. The best way to find out if a store has been infected is to literally weigh their card swipe machines. Bad machines weigh four ounces more than good ones.
This is affecting large chain stores, including a British unit of Wal-Mart and Tesco. It is not isolated or off the beaten path — and it really is diabolical. The machines can be set, evidently, to just send a few transactions, say every tenth Visa Platinum transaction, once a day. They can also get new instructions when they send their take — so their work is quite hidden. Add that up over time.
What happens to the information once it goes to Pakistan? It gets used, of course. Bank withdrawals are made, plane tickets and other merchandise get purchased. So far, the estimates are between $50 and $100 million. The motivation appears not to be a espionage, but plain old theft. Authorities are watching, though, in case there is a terrorism link, the destination being in Pakistan and all.
Meanwhile, just to ratchet up the Tom Clancy: The Chinese version of Skype evidently spies on users. This was discovered by a University of Toronto researcher in relatively simple fashion — by checking out what happened when he used the f-word in a message. (To be clear, this is a joint venture between Chinese phone provider TOM and Skype, it is not Skype itself.)