Digital Edition

SYS-CON.TV
How to Lock Down Sensitive Data By @Motorola | @CloudExpo
For retailers everywhere, it's a challenging new day as security threats are a constant - both inside their four walls and out

How to Lock Down Sensitive Data from Increasingly Clever Hackers

For retailers everywhere, it's a challenging new day. Security threats are a constant - both inside their four walls and out. The big security breaches we hear about on the news; the smaller ones sometimes not. But their impact remains costly to us all. The need for mobility, rapidly evolving technology and meeting growing customer expectations for network user access continues to complicate matters for retail IT - and has set the stage for the increased risk with over the air breaches using rogue Bluetooth® devices.

Bluetooth technology has transformed how we connect - both at home and at work. It is intended for consumer product connectivity and can be misused for gaining entry into enterprise applications. The technology is often used for payment card readers, but is also being misused by hackers as an unsecured way to gain access into retailers' networks. Once inside, they can install malware onto point of sale (POS) devices and plant a rogue Bluetooth transmitter. Then, using their own mobile devices, they can download collected information to their device as they walk by undetected - up to 300 feet away.

With virtually every customer in the store using a myriad of wireless devices to check prices, download coupons, etc., the thief - even on video - would be difficult to identify. The reduced risk involved makes this type of crime even more alluring.

A Rapidly Growing Threat
Credit card data theft is becoming increasingly common. Because of this, it's exploding into a full-blown epidemic from which no retailer is exempt. A sophisticated Russian syndicate recently breached a large retailer's credit card payment system, adding to the millions of credit card numbers it's hacked from retailers over the last seven years.

Other skimmers have targeted bank ATMs and gas stations. Here's a startling snapshot of their impact:

  • In the U.S. alone, credit card theft has increased 50 percent from 2005 to 2010, according to the U.S. Department of Justice.
  • Identity theft cost Americans $24.7 billion in 2012[1]
  • During that same year, an estimated 16.6 million people (approximately 7 percent of all people age 16 or older in the U.S.) experienced at least one incident of identify theft.
  • According to a January 2014 report, the Federal Bureau of Investigation (FBI) warned retailers to prepare for more cyber POS attacks.[2]

For retailers, the costs associated with a credit card breach are substantial. From the direct remediation costs of offering credit card monitoring for any affected customers, to the costs of any lawsuits filed by consumers, it's an expensive proposition. Not to mention, the incalculable brand damage a breach causes in loss of customer trust and loyalty.

Hackers running skimming operations have upped their game, improving their technology to make stealing credit card data even easier by installing a Bluetooth-based skimmer inside the targeted POS machine.

In January of this year, the first arrests were made for Bluetooth Skimming. Thirteen individuals were indicted with running a multi-million dollar fraud ring using gas pump skimmers at stations throughout the southern U.S.[3] The defendants allegedly encoded the stolen card data onto counterfeit cards, and armed with stolen PINs, withdrew funds from victim accounts at ATMs. When all was said and done, they managed to steal more than $2 million from approximately 70 bank accounts.

Why Manual Network Monitoring Is Not the Answer
It's tough for retailers to keep up. Sophisticated criminals are constantly searching for gaps in their security measures and access into their networks. And unlike Wi-Fi or cellular technologies which are encrypted and/or firewalled for consumer use, Bluetooth devices are not and have traditionally not been a concern until recently. However, as stores enable shoppers to use their networks to do more, firewall precautions need to be taken to protect sensitive network data and retain the PCI compliance required to enable secure transactions.

New Effective Options
With all the challenges this new threat brings - along with others no doubt on the horizon - the good news is there are solutions available now to minimize Bluetooth intrusion risks.  When evaluating your security options, make sure:

  • You select a provider with proven experience and a platform that detects suspicious Bluetooth devices and sends an alert when unusual usage patterns or repetitive devices are identified.
  • The solution delivers a single management interface, allowing you to easily define different classes of devices which eliminate false alarms generated by Bluetooth-enabled devices in the hands of your customers, your associates and workers in neighboring businesses.

Retailers have a lot to lose when a data breach occurs, and the associated costs are dramatic as we've seen in multiple cases over the last year. With Bluetooth monitoring in place, retailers can expand their wireless network security to include both the Wi-Fi and Bluetooth spectrum and defend against this new and previously unguarded threat.  Valuable customer data - and your business - depend on it.

References

  1. http://www.bjs.gov/content/pub/press/vit12pr.cfm
  2. http://mobile.reuters.com/article/topNews/idUSBREA0M1UF20140124?irpc=932
  3. http://krebsonsecurity.com/category/all-about-skimmers/

Conference Schedule Announced

Are you ready to put your data in the cloud?

What is the future of security in the cloud?

Does Docker quickly advance the development of an IoT application?

What are the implications of Moore's Law on Hadoop deployments?

Get all these questions and hundreds more like them answered at the 15th Cloud Expo, November 4-6, 2014, at the Santa Clara Convention Center, in Santa Clara, CA. The Cloud Expo / Big Data Expo / @ThingsExpo / DevOps Summit programs are now available for you to inspect and investigate in advance.

Our upcoming November 4-6 event in Santa Clara, California will present a total of 10 simultaneous tracks by an all-star faculty, over three days, plus a two-day "Cloud Computing Bootcamp" presented by Janakiram MSV, an Analyst with the Gigaom Research analyst network, where he covers the Cloud Services landscape.

Cloud and Big Data topics and tracks include: Enterprise Cloud Adoption, APM & Cloud Computing | Hot Topics, Cloud APIs & Business, Cloud Security | Mobility, Big Data | Analytics.

@ThingsExpo content tripled from a single track in New York to three simultaneous tracks: Consumer IoT, Enterprise IoT, IoT Developer | WebRTC Convergence.

DevOps Summit also doubled from a single track in New York to two simultaneous tracks: "Dev" Developer Focus and "Ops" Operations Focus.

Schedule for Cloud Expo / Big Data Expo / @ThingsExpoHere

Schedule for DevOps SummitHere

Now that we have published the full conference schedule, please check back for daily updates as we finalize new session abstracts by working with our distinguished faculty members. For your questions please contact us at events (at) sys-con.com. Last but not least we will announce our keynotes on the hottest subjects to be delivered by world-class speakers!

The largest 'Internet of Things' event in the world has announced "sponsorship opportunities" and "call for papers."

The 1st International Internet of @ThingsExpo was launched this June at the Javits Center in New York City with over 6,000 delegates in attendance. The 2nd International Internet of @ThingsExpo will take place November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, California, with an estimated 7,000 plus delegates attending over three days.

@ThingsExpo is co-located with 15th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading IoT industry players in the world. In 2014, more than 200 companies will be present on the @ThingsExpo show floor, including global players and the hottest new technology pioneers.

Sponsorship and Exhibit Opportunities for @ThingsExpo Silicon Valley and New York Are Now Available
Sponsors and exhibitors of Internet of @ThingsExpo will benefit from unmatched branding, profile building and lead generation opportunities through:

  • Featured on-site presentation and ongoing on-demand webcast exposure to a captive audience of industry decision-makers.
  • Showcase exhibition during our new extended dedicated expo hours
  • Breakout Session Priority scheduling for sponsors that have been guaranteed a 35-minute technical session
  • Online advertising in SYS-CON's i-Technology publications
  • Capitalize on our comprehensive marketing efforts leading up to the show with print mailings, e-newsletters and extensive online media coverage.
  • Unprecedented PR Coverage: Editorial coverage on IoT.sys-con.com, Tweets to our 75,000 plus followers, press releases sent on major wire services to over 500 combined analysts and press members who attended Internet of @ThingsExpo - making it the best-covered "Internet of Things" conference in the world

For more information on sponsorship, exhibit, and keynote opportunities contact Carmen Gonzalez by email at events (at) sys-con.com, or by phone 201 802-3021. Book both events for additional savings!

@ThingsExpo Silicon Valley (November 4-6, 2014, Santa Clara, CA)
@ThingsExpo New York (June 9-11, 2015, New York, NY)

Secure Your VIP Pass to Attend @ThingsExpo Silicon Valley
Internet of @ThingsExpo announced today a limited time free "Expo Plus" registration option. The onsite registration price of $600 will be set to 'free' for delegates who register during September.

To take advantage of this opportunity, attendees can use the coupon code "IoTSeptember" and secure their "@ThingsExpo Plus" registration to attend all keynotes and general sessions, as well as a limited number of technical sessions each day of the show, in addition to full access to the expo floor and the @ThingsExpo hackathon.

The registration page is located at the @ThingsExpo site here.


@ThingsExpo New York 2015 'Call for Papers' Now Open
The 3rd International Internet of @ThingsExpo, to be held June 9-11, 2015, at the Javits Center in New York City, New York announces that its 'Call for Papers' is now open. The event will feature a world class, all-star faculty with the hottest IoT topics covered in three distinct tracks.

Track 1 - Consumer IoT and Wearables: Smart Appliances, Wearables, Smart Cars, Smartphones 2.0, Smart Travel, Personal Fitness, Health Care, Personalized Marketing, Customized Shopping, Personal Finance, The Digital Divide, Mobile Cash & Markets, Games & the IoT, The Future of Education, Virtual Reality

Track 2 - Enterprise IoT: The Business Case for IoT, Smart Grids, Smart Cities, Smart Transportation, The Smart Home, M2M, Authentication/Security, Wiring the IoT, The Internet of Everything, Digital Transformation of Enterprise IT, Agriculture, Transportation, Manufacturing, Local & State Government, Federal Government

Track 3 - Developer IoT: WebRTC, Eclipse Foundation, Cloud Foundry, Docker & Linux Containers, Node-Red, Open Source Hardware, Leveraging SOA, Multi-Cloud IoT, Evolving Standards, WebSockets, Security & Privacy Protocols, GPS & Proximity Services, Bluetooth/RFID/etc., XMPP, Nest Labs


@ThingsExpo billboard is viewed by more than 1.3 million motorists per week on Highway 101, in the heart of Silicon Valley

Help plant your flag in the fast-expanding business opportunity that is the Internet of Things: Submit your speaking proposal today here!

Download @ThingsExpo Newsletter Today Here

Chris Matthieu Named @ThingsExpo Tech Chair

Internet of @ThingsExpo named Chris Matthieu tech chair of Internet of @ThingsExpo 2014 Silicon Valley.

Chris Matthieu has two decades of telecom and web experience. He launched his Teleku cloud communications-as-a-service platform at eComm in 2010, which was acquired by Voxeo. Next he built an open source Node.JS PaaS called Nodester, which was acquired by AppFog. His latest startups include Twelephone. Leveraging HTML5 and WebRTC, Twelephone's BHAG (Big Hairy Audacious Goal) is to become the next generation telecom company running in the Web browser. Chris is currently co-founder and CTO of Octoblu.

Website: http://www.ThingsExpo.com

Twitter: http://www.Twitter.com/ThingsExpo

About SYS-CON Media & Events
SYS-CON Media (www.sys-con.com) has since 1994 been connecting technology companies and customers through a comprehensive content stream - featuring over forty focused subject areas, from Cloud Computing to Web Security - interwoven with market-leading full-scale conferences produced by SYS-CON Events. The company's internationally recognized brands include among others Cloud Expo® (CloudComputingExpo.com / @CloudExpo), Big Data Expo (BigDataExpo.net / @BigDataExpo), DevOps Summit (DevOpsSummit.sys-con.com / @DevOpsSummit), Internet of @ThingsExpo (ThingsExpo.com / @ThingsExpo) and Cloud Computing Bootcamp (CloudComputingBootcamp.com).

Cloud Expo® and Big Data Expo® are registered trademarks of Cloud Expo, Inc., a SYS-CON Events company.

About Imran Akbar
Imran Akbar is Vice-President and General Manager of the Enterprise Networks and Communications division of Motorola Solutions. Motorola’s Enterprise business recently announced a new AirDefense Bluetooth monitoring solution that is a cost-effective, easy-to-deploy solution and can be up and running in as little as a day, improving payment card security without increasing operational costs.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

While you are correct that the problem is on the rise, I believe you have narrowed your focus on the cause of the problem and have not looked deep enough. The problem is exactly the scenario faced by the phone companies in the 1980's - antiquated policies, procedures and technology led to rampant identity theft (for phone companies, it was long distance calling cards). The credit card is 50-year-old technology, and the policies and procedures have undergone very minor tweaks in those decades. Although it is the Federal Government's job to oversee national public safety issues, they have fallen short in forcing the banking industry to start from scratch and revamp how they do things. PayPal, as I see it, is one of the early innovators in devising a more secure way of doing this by not sharing card data with merchants - but they didn't go far enough. I hope that the new Apple Pay will achieve this dream - by having the card data only existing in the bank and the cardholder, and merchants get dynamically-generated data for each transaction - there is no way to intercept card information, nor to store it in the merchant's system for hackers to obtain. Registering a card for use requires the issuing bank's intervention, so that means it is harder for a thief to register a stolen card with their device for payment. This type of revamp is the ONLY way to achieve payment security.




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know ...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an over...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and ...
The cloud era has reached the stage where it is no longer a question of whether a company should mig...
The need for greater agility and scalability necessitated the digital transformation in the form of ...
ChatOps is an emerging topic that has led to the wide availability of integrations between group cha...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting ch...
While some developers care passionately about how data centers and clouds are architected, for most,...
"Since we launched LinuxONE we learned a lot from our customers. More than anything what they respon...
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every ...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily ...
"As we've gone out into the public cloud we've seen that over time we may have lost a few things - w...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
Sanjeev Sharma Joins June 5-7, 2018 @DevOpsSummit at @Cloud Expo New York Faculty. Sanjeev Sharma is...
We are given a desktop platform with Java 8 or Java 9 installed and seek to find a way to deploy hig...
"I focus on what we are calling CAST Highlight, which is our SaaS application portfolio analysis too...
"Cloud4U builds software services that help people build DevOps platforms for cloud-based software a...
The question before companies today is not whether to become intelligent, it’s a question of how and...
Kubernetes is an open source system for automating deployment, scaling, and management of containeri...