December 02, 2009
-
Restaurants Sue Radiant and Computer World, Pt.1
It's all in a password.Several restaurants in Louisiana and Mississippi who became the victims of cyber criminals in Romania have filed a class action suit against the debit and credit card payment processing company for failing to properly secure the system. A Romanian hacker infiltrated the restaurants systems who were customers of Radiant Systems, a global provider of point of sale technology to the hospitality and retail industries. Computer World, a Louisiana based retailer, is also named as a defendant in the suit. The retailer maintains and sells Radiant Systems' Aloha point of sale (POS) debit and credit card payment processing systems. According to the suit, Radiant Systems sold the system which did not meet the industry's debit and credit card payment system standards.
The suit alleges that because of the security weakness, a number of customers' personal information was compromised. One of the industry's security standards prohibits merchants from retaining customer's debit and credit card information downloaded from the card's magnetic strip after the transaction has been completed. In violation of this standard, Radiant Systems' Aloha POS stored the debit and credit card information making it vulnerable to attack. Additionally, according to court documents, Computer World's service technicians installed PC Anywhere which allows its technicians to access the restaurants system from an off-site location to fix technical problems.
While installing PC Anywhere in itself does not create the problem if handled appropriately, the company's failure to secure the debit and credit card payment processing system is. Not only was the system not upgraded with current security patches, but the remote login and passwords were the same for over 200 different Louisiana locations. To make matters worse, the login and passwords were generic standard and well known codes of "administrator" and "computer." The end result, the Romania based hackers accessed the payment systems of over 19 businesses via the PC Anywhere software.