Do you remember the Y2K bug? As a quick refresher, many people believed that computers were going to fail in the year 2000. The problem, many believed, would be due to the fact that computers would reset to zero after the year 1999.
Well, thousands of point-of-sale card terminals just fell victim to something very similar. It isn't a world-ending bug this time, though: laziness is what caused thousands of terminals to stop working.
If you've been following my security coverage, then I'm sure you're seeing a pattern here. Here's what went down:
Credit card point-of-sale terminals built by Equinox Payments subsidiary Hypercom stopped working on December 7th, 2014. The card terminals stopped working, Equinox Payments claims, because a ten-year security certificate created in 2004 expired.
The expired certificate only causes a terminal to fail once a store cycles the device's power. Different stores have different policies for cycling their payment systems' power, so the failures did not all appear at once, and it looked to security experts like a breach was infecting the terminals.
In truth, though, all that was happening was that these terminals were due for a much-needed update.
Store owners complained to Brian Krebs of the KrebsOnSecurity blog. One anonymous merchant had this to say:
“I use two different generations of their terminals and have spent the last three days trying to understand completely why I had zero impact. Mass extinction of my POS devices at the manufacturer level was never on my list of scenarios that would wreck my day at retail. It is now.”
In the wake of security breach after security breach, I'll say this to the anonymous merchant: It's better to receive a security wake-up call than to use point-of-sale software that was created 10 years ago.
You can expect more point-of-sale hacks like the one where 4,200 parking garages were breached unless more companies start updating their security tech.