Quick, look at the device to the right and try to guess what it is. If you said a computer cable adapter, you’re wrong!
While this little accessory looks like a run-of-the-mill widget for connecting two PS/2 cables, it’s actually a keylogger designed to be attached to your computer and go unnoticed. Such devices do have legitimate uses in surveillance and law enforcement; however, for those with less honorable intentions, they also make excellent card skimmers if yoiu can attach one to a cash register, as one criminal group did at a Miami-area Nordstrom’s last month. Since they are sold openly at a relatively low price — and are sometimes used legitimately, for purposes such as monitoring the online activity of children or employees — anyone bold enough to use one will have no trouble getting their hands on it.
How does this figure into what we’re doing at Digital Check? By serving as an excellent real-world example of why P2PE — short for Point-to-Point Encryption — is an increasingly important security layer to have if you run a business with any customer-facing computers or terminals. P2PE takes standard data protection to the next level by encrypting card data directly at the magnetic read head, rather than relying on software running on the cash register or the computer being used to process transactions. It’s easy to dismiss the data cable from your card reader as a trivial vulnerability — but as the Nordstrom thieves proved, if a weaknes exists, however small, someone will exploit it.
In the Nordstrom’s case, the merchant avoided a major disaster — just barely — thanks to the sharp eyes of its security detail. However, had P2PE been in place, even if the thieves had pulled off their operation, all they would have succeeding in stealing was a series of random characters. Unfortunately, most card readers that were not built recently do not support device-level encryption, and many of the cheaper ones still on the market today share the same shortcoming.
Getting back to what this has to do with Digital Check — it’s why we built device-level encryption capability into our new DockXpress card reader in order to offer the maximum level of protection for sensitive data. While there are dozens of different magnetic stripe readers out there to choose from, we believe that if you choose ours, you should be getting the most advanced protection available.