Rich Freeman on 7 Mar 2018 12:28:21 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] POS Malware Found at 160 Applebee’s Restaurant Locations


On Wed, Mar 7, 2018 at 3:10 PM, Keith C. Perry
<kperry@daotechnologies.com> wrote:
> I'm not sure 'bout that one Rich...
>
> If you authorize the value of a payment, my understanding of this "signed" transaction  is based on the what you are authorizing.  If you are saying that both of those could be changed before sending so that everything matches then I agree but that would be a very poor hack because the receipt you get would not match the transaction to your bank.  This be easy to challenge.  If something like that happened to even a few transactions it would be easy to spot and the software would be shut down.
>

Certainly.  I'm not saying there aren't legal remedies.  It just
strikes me as being less secure than would otherwise be possible, and
again it doesn't provide for card-not-present transactions, or ones
where a non-PCI-certified terminal could be used.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug