Thread: OT: Restaurant Hacked!?!

Andy wrote:

> What gives a restaurant the right to amass
> credit card numbers? Seems either sinister or
> absurd to me
>
> It's only a few minutes away. I never ate there
> and as of now, I never will.

They'll probably lower their prices because of the scandal, and you
could always use another form of payment. Unless you're one of those
people who gets more sustenance from fake outrage than from food.

On Apr 18, 9:39*am, George M. Middius <glanb...@gmail.com> wrote:
> Andy "The Scavenger" wrote:
> > What gives a restaurant the right to amass
> > credit card numbers? Seems either sinister or
> > absurd to me
>
> > It's only a few minutes away. I never ate there
> > and as of now, I never will.
>
> They'll probably lower their prices because of the scandal, and you
> could always use another form of payment. Unless you're one of those
> people who gets more sustenance from fake outrage than from food.

Considering the **** The Scavenger calls food, that'd make sense.

--Bryan

On Wed, 18 Apr 2012 08:14:19 -0700 (PDT), Bryan
<[email protected]> wrote:

> On Apr 18, 9:39*am, George M. Middius <glanb...@gmail.com> wrote:
> > Andy "The Scavenger" wrote:
> > > What gives a restaurant the right to amass
> > > credit card numbers? Seems either sinister or
> > > absurd to me
> >
> > > It's only a few minutes away. I never ate there
> > > and as of now, I never will.
> >
> > They'll probably lower their prices because of the scandal, and you
> > could always use another form of payment. Unless you're one of those
> > people who gets more sustenance from fake outrage than from food.
>
> Considering the **** The Scavenger calls food, that'd make sense.
>
If banks and the military/white house/government can be hacked, I
don't see why they can't hack into a restaurant site.

--
Food is an important part of a balanced diet.

sf wrote:

> If banks and the military/white house/government can be hacked, I
> don't see why they can't hack into a restaurant site.

That's certainly believable, but Addled does have a point: Why on
earth is a merchant storing credit card numbers on a hackable computer
connected to the 'Net?

On Wed, 18 Apr 2012 14:52:06 -0400, George M. Middius wrote:

> sf wrote:
>
>> If banks and the military/white house/government can be hacked, I
>> don't see why they can't hack into a restaurant site.
>
> That's certainly believable, but Addled does have a point: Why on
> earth is a merchant storing credit card numbers on a hackable computer
> connected to the 'Net?

The spyware could be capturing outbound data being transmitted by the
restaurant to the credit card processing company before it's
encrypted. They did this to Restaurant Depot late last year. It was
sending all credit card info offsite to a Russian computer. They
hacked the software that links the readers to their central CC
processing computers. Similar schemes have also compromised Subway
and Lucky grocery stores.

They are not going to go into that much detail in a news story (not
that the media would be able to explain it properly anyway).

Also credit card numbers are required at some restaurants to secure
reservations. If they don't show up, they charge the card $25 (or
whatever) as a no-show fee. There's no other way to accomplish that
without storing the card information until the time of the
reservation. They could pre-auth the card at the time the reservation
is made and throw away the card number, but that only works for
reservations that are taken 6 days or less in advance. And that
wouldn't go over too well with some customers.

-sw

On Wed, 18 Apr 2012 08:28:01 -0500, Andy <[email protected]> wrote:

>OT: Restaurant Hacked!?!


>
>What's a restaurant doing storing customer
>credit card numbers???

They may only transmit once or twice a day to the bank so there would
be a cache of information.


>
>I thought that info only went as far as the
>card reader service!

The one connected to the computer?


>
>Sketchy on the details. An inside job? Hacked
>over the internet? Why would a restaurant even
>be on the internet? And if so, why no firewall?
>

Firewalls are hacked every day. As for why they are connected, you've
got to be kidding. They conduct business that way, as do most
businesses today.

Some restaurants take reservations over the internet, some take the
food orders for take out. Many have their web site to showcase their
menu. This is the 21st century.

Ed Pawlowski <[email protected]> wrote:

> On Wed, 18 Apr 2012 08:28:01 -0500, Andy <[email protected]> wrote:
>
>>OT: Restaurant Hacked!?!
>
>
>>
>>What's a restaurant doing storing customer
>>credit card numbers???
>
> They may only transmit once or twice a day to the bank so there would
> be a cache of information.
>
>
>>
>>I thought that info only went as far as the
>>card reader service!
>
> The one connected to the computer?
>
>
>>
>>Sketchy on the details. An inside job? Hacked
>>over the internet? Why would a restaurant even
>>be on the internet? And if so, why no firewall?
>>
>
> Firewalls are hacked every day. As for why they are connected, you've
> got to be kidding. They conduct business that way, as do most
> businesses today.
>
> Some restaurants take reservations over the internet, some take the
> food orders for take out. Many have their web site to showcase their
> menu. This is the 21st century.


Ed,

Here's a brief in the local Daily Times:

http://alturl.com/ci6rp

I've never touched a cash register in my life. I imagined the transaction
would be as instant as an ATM transaction.

Andy

On Apr 18, 10:53*am, sf <s...@geemail.com> wrote:
> On Wed, 18 Apr 2012 08:14:19 -0700 (PDT), Bryan
>
>
>
>
>
>
>
>
>
> <bryangsimm...@gmail.com> wrote:
> > On Apr 18, 9:39*am, George M. Middius <glanb...@gmail.com> wrote:
> > > Andy "The Scavenger" wrote:
> > > > What gives a restaurant the right to amass
> > > > credit card numbers? Seems either sinister or
> > > > absurd to me
>
> > > > It's only a few minutes away. I never ate there
> > > > and as of now, I never will.
>
> > > They'll probably lower their prices because of the scandal, and you
> > > could always use another form of payment. Unless you're one of those
> > > people who gets more sustenance from fake outrage than from food.
>
> > Considering the **** The Scavenger calls food, that'd make sense.
>
> If banks and the military/white house/government can be hacked, I
> don't see why they can't hack into a restaurant site.
>
> --
> Food is an important part of a balanced diet.

Isn't it more likely that the company that services the credit card
transactions was hacked? That's what happened with the Michaels
(hobby) chain a year ago.

N.

On 4/19/2012 3:39 AM, Andy wrote:

> Here's a brief in the local Daily Times:
>
> http://alturl.com/ci6rp



Which says, "CONCORD – An investigation has been launched into the
identity thefts of customers at Ruby’s Diner at the Shoppes at Brinton
Lake."



OMG, the Shoppes... at Brinton Lake! Does anyplace call its complex "the
Shoppes" anymore? Really? That's so throwback!! Time for a rename, guys.

In any event, I'm betting that the owners of this diner were so ignorant
of how easy it is for hackers to get into these systems that they never
gave it a serious thought before now.

Pennyaline <[email protected]> wrote:

> On 4/19/2012 3:39 AM, Andy wrote:
>
>> Here's a brief in the local Daily Times:
>>
>> http://alturl.com/ci6rp
>
>
>
> Which says, "CONCORD – An investigation has been launched into the
> identity thefts of customers at Ruby’s Diner at the Shoppes at Brinton
> Lake."
>
>
>
> OMG, the Shoppes... at Brinton Lake! Does anyplace call its complex
"the
> Shoppes" anymore? Really? That's so throwback!! Time for a rename,
guys.
>
> In any event, I'm betting that the owners of this diner were so
ignorant
> of how easy it is for hackers to get into these systems that they never
> gave it a serious thought before now.


Pennyaline,

Exactly, perhaps!

Too bad!!!

Andy

"Andy" <[email protected]> wrote in message news:[email protected]..
> Pennyaline <[email protected]> wrote:
>
>> On 4/19/2012 3:39 AM, Andy wrote:
>>
>>> Here's a brief in the local Daily Times:
>>>
>>> http://alturl.com/ci6rp
>>
>>
>>
>> Which says, "CONCORD - An investigation has been launched into the
>> identity thefts of customers at Ruby's Diner at the Shoppes at Brinton
>> Lake."
>>
>>
>>
>> OMG, the Shoppes... at Brinton Lake! Does anyplace call its complex
> "the
>> Shoppes" anymore? Really? That's so throwback!! Time for a rename,
> guys.
>>
>> In any event, I'm betting that the owners of this diner were so
> ignorant
>> of how easy it is for hackers to get into these systems that they never
>> gave it a serious thought before now.
>
>
> Pennyaline,
>
> Exactly, perhaps!
>
> Too bad!!!
>
> Andy

Here in Australia we had a credit card scam at several McDonalds'
restaurants, this was carried out by a team of "techs from head office"
changing the card readers in the stores for readers that sent all the
details to the thieves. The way a Point Of Sale system works here each
individual card swipe goes directly to the bank and is approved for the
amount on the till and if there is not enough funds to cover the meal the
transaction is voided. The card details are not held at the store on any of
the machines.

Mike

On Wed, 18 Apr 2012 22:59:21 -0400, Ed Pawlowski wrote:

> On Wed, 18 Apr 2012 08:28:01 -0500, Andy <[email protected]> wrote:
>
>>OT: Restaurant Hacked!?!
>
>>
>>What's a restaurant doing storing customer
>>credit card numbers???
>
> They may only transmit once or twice a day to the bank so there would
> be a cache of information.

The card numbers are not stored. Only the transaction numbers. Thsoe
numbers link back to the actual CC's on file at the CC processing
company once that batch is transmitted.

-sw

On Thu, 19 Apr 2012 16:14:21 -0600, Pennyaline wrote:

> In any event, I'm betting that the owners of this diner were so ignorant
> of how easy it is for hackers to get into these systems that they never
> gave it a serious thought before now.

Ruby's diners are a big chain of 50's retro diners. Funny, though,
that restaurant is not listed on their website (at least not in
Concord).

-sw

On Wed, 18 Apr 2012 14:15:40 -0500, Sqwertz <[email protected]>
wrote:

>On Wed, 18 Apr 2012 14:52:06 -0400, George M. Middius wrote:
>
>> sf wrote:
>>
>>> If banks and the military/white house/government can be hacked, I
>>> don't see why they can't hack into a restaurant site.
>>
>> That's certainly believable, but Addled does have a point: Why on
>> earth is a merchant storing credit card numbers on a hackable computer
>> connected to the 'Net?
>
>The spyware could be capturing outbound data being transmitted by the
>restaurant to the credit card processing company before it's
>encrypted. They did this to Restaurant Depot late last year. It was
>sending all credit card info offsite to a Russian computer. They
>hacked the software that links the readers to their central CC
>processing computers. Similar schemes have also compromised Subway
>and Lucky grocery stores.
>
>They are not going to go into that much detail in a news story (not
>that the media would be able to explain it properly anyway).
>
>Also credit card numbers are required at some restaurants to secure
>reservations. If they don't show up, they charge the card $25 (or
>whatever) as a no-show fee. There's no other way to accomplish that
>without storing the card information until the time of the
>reservation. They could pre-auth the card at the time the reservation
>is made and throw away the card number, but that only works for
>reservations that are taken 6 days or less in advance. And that
>wouldn't go over too well with some customers.
>
>-sw

Can you imagine say hacking Marriott with all the pre aut. cards for
room holds....god forbid.

In article <[email protected]>,
[email protected] says...
>
> "Andy" <[email protected]> wrote in message news:[email protected]..
> > Pennyaline <[email protected]> wrote:
> >
> >> On 4/19/2012 3:39 AM, Andy wrote:
> >>
> >>> Here's a brief in the local Daily Times:
> >>>
> >>> http://alturl.com/ci6rp
> >>
> >>
> >>
> >> Which says, "CONCORD - An investigation has been launched into the
> >> identity thefts of customers at Ruby's Diner at the Shoppes at Brinton
> >> Lake."
> >>
> >>
> >>
> >> OMG, the Shoppes... at Brinton Lake! Does anyplace call its complex
> > "the
> >> Shoppes" anymore? Really? That's so throwback!! Time for a rename,
> > guys.
> >>
> >> In any event, I'm betting that the owners of this diner were so
> > ignorant
> >> of how easy it is for hackers to get into these systems that they never
> >> gave it a serious thought before now.
> >
> >
> > Pennyaline,
> >
> > Exactly, perhaps!
> >
> > Too bad!!!
> >
> > Andy
>
> Here in Australia we had a credit card scam at several McDonalds'
> restaurants, this was carried out by a team of "techs from head office"
> changing the card readers in the stores for readers that sent all the
> details to the thieves. The way a Point Of Sale system works here each
> individual card swipe goes directly to the bank and is approved for the
> amount on the till and if there is not enough funds to cover the meal the
> transaction is voided. The card details are not held at the store on any of
> the machines.
>
> Mike

This same scam was run on Stop & Shop grocery stores in the northeast
U.S. a few years ago.

Now they're a little more careful with the credit card terminals.